In the digital age, securing data and computer systems is as important as securing physical assets. Cybersecurity encompasses the practices, technologies, and processes designed to protect computers, networks, data, and programs from unauthorised access, damage, or attack.
Why Security Matters
Data is a valuable asset. Unauthorised access can lead to:
- Financial loss (bank fraud, ransomware).
- Privacy violations (personal data theft).
- Reputation damage (website defacement).
- Disruption of critical services (hospitals, power grids).
Types of Cyber Threats
Malware (Malicious Software): Any software designed to harm, disrupt, or gain unauthorised access.
- Virus: A program that attaches itself to legitimate files and spreads when those files are executed. It requires human action to spread. Damages files or corrupts the system.
- Worm: A self-replicating program that spreads automatically across networks without needing to attach to a host file. Consumes bandwidth and system resources.
- Trojan Horse: Appears to be legitimate software but contains hidden malicious code. Does not self-replicate; it tricks the user into installing it.
- Ransomware: Encrypts the victim's files and demands payment (ransom) to restore access. Example: WannaCry.
- Spyware: Secretly monitors user activities and collects personal information without consent.
- Adware: Displays unwanted advertisements; may also track browsing habits.
- Keylogger: Records every keystroke made on a keyboard, capturing passwords and sensitive data.
- Rootkit: Hides deep in the OS to give an attacker privileged access while concealing its presence.
- Botnet: A network of infected computers (bots/zombies) controlled remotely by an attacker to carry out coordinated attacks.
Types of Cyber Attacks
Phishing: A fraudulent attempt to obtain sensitive information (passwords, credit card numbers) by posing as a trustworthy entity in electronic communication (fake emails, websites). Spear phishing targets specific individuals.
Denial of Service (DoS) Attack: Flooding a server with so many requests that it becomes overwhelmed and unavailable to legitimate users. A DDoS (Distributed DoS) attack uses many computers (often a botnet) simultaneously.
Man-in-the-Middle (MitM) Attack: The attacker secretly intercepts and possibly alters communication between two parties who believe they are directly communicating with each other.
SQL Injection: An attacker inserts malicious SQL code into an input field (e.g., a login form) to manipulate the database — potentially viewing, modifying, or deleting data.
Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
Brute Force Attack: Systematically trying all possible passwords until the correct one is found.
Social Engineering: Manipulating people psychologically into revealing confidential information. Phishing is a form of social engineering.
Eavesdropping: Secretly listening to or intercepting private network communications.
Security Measures
Firewall: Hardware or software that monitors and controls incoming and outgoing network traffic based on predefined security rules. Acts as a barrier between a trusted internal network and untrusted external networks.
Antivirus / Anti-malware Software: Detects, quarantines, and removes malware by scanning files against a database of known malware signatures and using heuristic analysis.
Encryption: The process of converting plain text (readable data) into cipher text (unreadable scrambled data) using a mathematical algorithm and a key. Only someone with the correct decryption key can read the data.
- Symmetric Encryption: Same key used for both encryption and decryption. Fast but key distribution is a challenge. Examples: AES, DES.
- Asymmetric Encryption (Public Key Cryptography): A pair of keys — a public key (shared openly) and a private key (kept secret). Data encrypted with the public key can only be decrypted with the corresponding private key. Example: RSA. Used in HTTPS and email signing.
SSL / TLS: Secure Sockets Layer / Transport Layer Security — protocols that encrypt data between a browser and web server. Indicated by HTTPS and a padlock icon in the browser.
Digital Signature: A cryptographic technique that verifies the authenticity and integrity of a message or document. The sender signs with their private key; recipients verify with the sender's public key.
Two-Factor Authentication (2FA): Requires users to provide two different forms of identification (e.g., password + OTP sent to phone) before access is granted.
Strong Passwords: Passwords should be long (at least 8 characters), contain a mix of uppercase, lowercase, numbers, and special characters, and should not be reused.
Security Patches and Updates: Regularly updating software to fix known vulnerabilities that attackers could exploit.
Backup: Regularly copying important data to a separate location (external drive, cloud) to recover from data loss due to attack, hardware failure, or accidental deletion.
VPN (Virtual Private Network): Creates an encrypted tunnel over a public network, allowing secure remote access and hiding the user's IP address.
Intellectual Property Rights and Cyber Law
Intellectual Property (IP): Creations of the mind — inventions, software, artistic works, names, images used in commerce.
Copyright: Legal right that protects original works (books, music, software) from being copied or distributed without permission.
Plagiarism: Presenting someone else's work as your own without attribution — an ethical and often legal violation.
IT Act 2000 (India): India's primary cyber law, providing legal recognition to electronic transactions and defining cyber crimes and their penalties.
Cyber Ethics and Safe Practices
- Never share passwords or OTPs.
- Download software only from official, trusted sources.
- Be cautious of unsolicited emails with attachments or links.
- Use a VPN on public Wi-Fi networks.
- Regularly update operating systems and applications.
- Report cyber crimes to local authorities or www.cybercrime.gov.in (India).
Common mistakes
- Confusing a virus (needs a host file, human action to spread) with a worm (self-spreads automatically).
- Thinking a firewall stops all attacks — it does not stop malware that arrives via email or downloads.
- Confusing encryption (scrambles data) with hashing (one-way, used for password storage).
- Assuming HTTPS means a website is safe — it only means the connection is encrypted, not that the site itself is trustworthy.
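The encryption-versus-hashing point above can be seen in how a password is stored. This added example (not part of the original notes) uses Python's standard library with PBKDF2; the iteration count, function names and sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative work factor (assumption, not from the notes)


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Re-hash the attempt with the stored salt and compare in constant time.

    There is no 'decrypt' step: hashing is one-way, so the only way to
    check a password is to hash the attempt and compare the results.
    """
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    password = "constructed-Passw0rd!"  # constructed sample value
    salt, stored = hash_password(password)
    print("correct password verifies:", verify_password(password, salt, stored))
    print("wrong password verifies:  ", verify_password("guess", salt, stored))
    # The same password hashed again gets a different salt, so the stored
    # values differ and identical passwords cannot be spotted in the table.
    _, stored_again = hash_password(password)
    print("same password, same digest:", stored_again == stored)
```

With encryption, anyone holding the key can recover the original data; here the server stores only the salt and digest and never needs the password back.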
Summary
Cyber threats range from malware and phishing to DoS attacks and SQL injection. Defence strategies include firewalls, antivirus software, encryption, 2FA, and regular updates. Understanding both attack types and countermeasures is essential for CBSE board exams and responsible digital citizenship.