📌 Snapshot
- The foundational concepts of network security: connected systems are inherently vulnerable, and they face a range of threats.
- Major categories of malware (Virus, Worm, Ransomware, Trojan, Spyware, Adware, Keylogger) have precise technical distinctions that NTA tests heavily.
- Protective technologies — antivirus detection methods, firewalls, HTTPS, and cookies — go deep enough for application-level MCQs.
- Hackers are classified into White Hat, Black Hat, and Grey Hat types, a favourite NTA distinction question.
- Network security threats (DoS, DDoS, Intrusion, Snooping, Eavesdropping) are covered in Section 12.9, rounding out all angles of threat and defence that CUET tests.
📖 Detailed Notes
2.1 Core concepts
- Network security is concerned with protection of devices and data from illegitimate access or misuse; threats include all ways to exploit vulnerabilities in a network or communication system. (NCERT §12.1, p. 223)
- A computer with no external link is free from network security threats, but staying disconnected is not a practical solution in a fully connected world. (NCERT §12.1, p. 223)
- Malware (MALicious softWARE) is any software developed with an intention to damage hardware, steal data, or cause trouble to the user; types include Viruses, Worms, Ransomware, Trojans, Spyware, Adware, and Keyloggers. (NCERT §12.2, p. 224)
- A Virus is a piece of software code that performs malicious activities and hampers CPU time, memory, personal files, or sensitive information; it spreads by copying/inserting its code into executable files and remains dormant until a user opens the infected file. (NCERT §12.2.1, p. 224)
- The term "computer virus" was coined by Fred Cohen in 1985; well-known examples include CryptoLocker, ILOVEYOU, MyDoom, Sasser, Netsky, Slammer, and Stuxnet. (NCERT §12.2.1, p. 224)
- A Worm is standalone malware that does not need a host program; unlike a virus it self-replicates without human triggering and spreads through the network. Examples: Storm Worm, Sobig, MSBlast, Code Red, Nimda, Morris Worm. (NCERT §12.2.2, p. 224–225)
- Ransomware targets user data — it either blocks access or threatens to publish data online and demands ransom payment; WannaCry (May 2017) infected ~200,000 computers across 150 countries and demanded Bitcoin payment. (NCERT §12.2.3, p. 225)
- A Trojan looks like legitimate software but once installed acts like a virus or worm; it does NOT self-replicate, spreads only through user interaction (email attachment, file download), and may create backdoors. (NCERT §12.2.4, p. 225–226)
- Spyware gathers information about a person/organisation without their knowledge, records it, and sends it to an external entity; it can track internet usage, credit card details, login credentials, and personal identity. (NCERT §12.2.5, p. 226)
- Adware generates revenue for its developer by displaying advertisements via pop-ups, web pages, or installation screens; it is usually annoying but harmless, yet it often paves the way for other malware. (NCERT §12.2.6, p. 226–227)
- A Keylogger records every key pressed on a keyboard and may send that log to an external entity; it can be software-based malware or hardware-based (thin transparent keyboard placed atop the actual keyboard). Using an online virtual keyboard randomises the key layout each session, making keylogging very difficult. (NCERT §12.2.7, p. 227–228)
- An on-screen keyboard uses a fixed QWERTY layout (exploitable by keylogger software); an online virtual keyboard randomises the key layout every time it is used, making it safer against keyloggers. (NCERT §12.2.7, p. 227–228)
- Malware distribution channels: Downloaded from the Internet, Spam Email (unsolicited email with embedded hyperlinks/attachments), Removable Storage Devices (pen drives, SSD cards, mobile phones), and Network Propagation (worms). (NCERT §12.2.8, p. 228)
- Common signs of malware infection include: frequent pop-ups, changed browser homepage, mass emails sent from your account, unusually slow computer, unknown programs starting up, programs opening/closing automatically, sudden lack of storage space, programs/files appearing or disappearing. (NCERT §12.2.9, p. 229)
- Antivirus (anti-malware) software was initially developed to detect and remove viruses; it now covers prevention, detection, and removal of a wide range of malware. (NCERT §12.3, p. 230)
- Five antivirus detection methods: (A) Signature-based — uses Virus Definition File (VDF); (B) Sandbox detection — executes suspected file in a virtual environment; (C) Data mining techniques — uses ML to classify files as benign/malicious; (D) Heuristics — compares source code against known virus patterns in heuristic database; (E) Real-time protection — anti-malware runs in background and monitors active memory. (NCERT §12.3.1, p. 230–231)
- Spam is unsolicited bulk digital communication (most commonly email); email services like Gmail and Hotmail use automatic spam detection algorithms. (NCERT §12.4, p. 231)
- HTTP (Hyper Text Transfer Protocol) sends data as-is over the network, leaving it vulnerable to hackers; suitable for public information websites. HTTPS (Hyper Text Transfer Protocol Secure) encrypts data before transmission and decrypts at the receiver end; HTTPS websites require an SSL Digital Certificate. (NCERT §12.5, p. 231–232)
- A Firewall is a network security system that protects a trusted private network from unauthorised access or traffic from an untrusted outside network; it can be implemented in software, hardware, or both and acts as the first barrier against malware. (NCERT §12.6, p. 232)
- Types of Firewall: (1) Network Firewall — placed between two or more networks, monitors inter-network traffic; (2) Host-based Firewall — placed on a single computer, monitors traffic to and from that machine. (NCERT §12.6.1, p. 233)
- A Cookie (derived from "magic cookie" in Unix) is a small file or data packet stored by a website on the client's computer; it can be edited only by the website that created it. It is used to store browsing info: shopping cart items, login credentials, language preference, search queries, etc. (NCERT §12.7, p. 233)
- Types of cookies: Session cookies (track current session, auto-terminate on time-out), Authentication cookies (check if user is already logged in). "Zombie cookies" get recreated after being deleted; "supercookies" can disguise as malware. Third-party cookies track users across websites for advertising. (NCERT §12.7.1, p. 233–234)
- Hackers and Crackers have thorough knowledge of computer systems, OS, networks, and programming to find loopholes and gain unauthorised access. (NCERT §12.8, p. 234)
- White Hat hackers (Ethical Hackers) use their knowledge to find and fix security flaws; organisations hire them. (NCERT §12.8.1, p. 234)
- Black Hat hackers (Crackers) use knowledge unethically to break the law and exploit system flaws. (NCERT §12.8.2, p. 234)
- Grey Hat hackers hack systems for the fun of it — not for monetary or political gain; they are neutral. A hacktivist is a hacker aiming to bring about political and social change. (NCERT §12.8.3, p. 234–235)
- Denial of Service (DoS) attack floods a victim's resource with illegitimate requests, making it appear busy and unavailable to legitimate users; can target web servers, email servers, network storage, or connections. (NCERT §12.9.1, p. 235)
- DDoS (Distributed DoS) uses compromised computers (Zombies) distributed across the globe, controlled via malicious "Bot" software forming a "Bot-Net"; much harder to counter than a simple DoS because attacks come from multiple distributed sources. (NCERT §12.9.1, p. 235)
- Intrusion Problems (§12.9.2): Unauthorised activity on a network; methods include Asymmetric Routing (sending packets through multiple paths to bypass sensors), Buffer Overflow Attacks (overwriting memory with malicious code), and Traffic Flooding (flooding the intrusion detection system with packets). (NCERT §12.9.2, p. 236)
- Snooping (also called Sniffing) is the secret capture and analysis of network traffic; the snooping device reproduces exact traffic packets back into the channel so nothing appears to have happened. Network hubs/switches have a SPAN (Sniffer Port Analyser) function. (NCERT §12.9.3, p. 236–237)
- Eavesdropping is an unauthorised real-time interception of private communication between two entities over a network; targets include VoIP calls, instant messages, video conferences, and fax transmissions. Unlike snooping (store for later analysis), eavesdropping happens in real time. (NCERT §12.9.4, p. 237–238)
2.2 Definitions to memorise
| Term | Definition | Page |
|---|---|---|
| Malware | Any software developed with intention to damage hardware, steal data, or cause trouble; short for MALicious softWARE | 224 |
| Virus | Piece of software code that performs malicious activities; spreads by copying code into executable files; needs human triggering | 224 |
| Worm | Standalone malware that self-replicates and spreads through networks without human triggering or a host program | 224–225 |
| Ransomware | Malware that blocks user access to their data or threatens to publish it and demands ransom payment | 225 |
| Trojan | Malware disguised as legitimate software; does not self-replicate; spreads via user interaction; may create backdoors | 225–226 |
| Spyware | Malware that gathers and sends user information to an external entity without the user's knowledge or consent | 226 |
| Adware | Malware that displays online advertisements via pop-ups/web pages to generate revenue for its developer | 226–227 |
| Keylogger | Malware (or hardware device) that records keystrokes and sends them to an external entity | 227 |
| Virus Definition File (VDF) | Signature database used by antivirus software containing known virus signatures; must be updated continuously | 230 |
| Spam | Any unsolicited bulk digital communication (email, messages, ads); most widely recognised form is email spam | 231 |
| HTTP | Hyper Text Transfer Protocol; transmits data as-is over the network without encryption | 231 |
| HTTPS | Hyper Text Transfer Protocol Secure; encrypts data before transmission; requires SSL Digital Certificate | 231–232 |
| Firewall | Network security system protecting a trusted private network from unauthorised access from an untrusted network | 232 |
| Cookie | Small file or data packet stored by a website on the client's computer to retain browsing information | 233 |
| DoS | Denial of Service; attack that floods a resource with illegitimate requests to make it unavailable to legitimate users | 235 |
| DDoS | Distributed Denial of Service; DoS attack using a network of compromised Zombie computers (Bot-Net) | 235 |
| Snooping / Sniffing | Secret capture and analysis of network traffic by malicious users or for network troubleshooting | 236–237 |
| Eavesdropping | Unauthorised real-time interception of private communication between two entities over a network | 237–238 |
| White Hat Hacker | Ethical hacker who uses knowledge to find and fix security flaws; hired by organisations | 234 |
| Black Hat Hacker | Cracker who exploits system flaws unethically and illegally | 234 |
| Hacktivist | Hacker who aims to bring about political and social change | 234 |
| Bot-Net | A network of compromised "Zombie" machines used to launch DDoS attacks | 235 |
| Zombie | A compromised computer remotely controlled by an attacker | 235 |
| Sandbox | Isolated virtual environment used to safely execute and analyse suspicious files | 230 |
| Heuristic Database | Repository of known virus code patterns used in heuristic detection | 231 |
| SSL Digital Certificate | Cryptographic certificate required for HTTPS-enabled websites | 232 |
| Buffer Overflow | Intrusion attack that overwrites memory with malicious code | 236 |
| SPAN port | Sniffer Port Analyser function on a network device used for traffic capture | 237 |
| Backdoor | Hidden access mechanism left by a Trojan for later exploitation | 226 |
| WannaCry | 2017 ransomware that infected ~200,000 machines and demanded Bitcoin | 225 |
| Fred Cohen | Researcher who coined the term "computer virus" in 1985 | 224 |
| Real-time protection | Anti-malware mode that monitors active memory continuously | 231 |
| Authentication cookie | Cookie used to remember a logged-in user across requests | 233 |
| Third-party cookie | Cookie set by a domain other than the one in the address bar; used for tracking | 234 |
2.3 Diagrams / processes to remember
- Figure 12.1: A ransomware (p. 225) — Illustrates the "pay for unlock" concept; reinforces how ransomware holds data hostage and demands payment.
- Figure 12.2: A Trojan horse (p. 226) — Visual analogy of the wooden horse of Troy; helps remember that a Trojan appears legitimate on the outside but hides malicious code inside.
- Figure 12.3: QWERTY keyboard layout (On-Screen Keyboard) (p. 227) — Shows the fixed layout that keylogger software can exploit.
- Figure 12.4: Online virtual keyboard (p. 228) — Shows the SBI Online banking page with "Enable Virtual Keyboard" option; illustrates randomised layout as a defence against keyloggers.
- Figure 12.5: A firewall between two networks (p. 232) — Shows LAN on one side, WAN on the other, with the firewall brick wall in between; key for understanding Network Firewall placement.
- Figure 12.6: Eavesdropping (p. 237) — Shows an attacker intercepting communication between two computers in real time; contrasts with snooping (store-and-replay).
2.4 Common confusions / NTA trap points
- Virus vs. Worm: A virus needs a host program and human triggering (user must open the infected file); a worm is standalone and self-replicates through the network without any human action. NTA regularly tests this distinction.
- Trojan vs. Virus: A Trojan does NOT self-replicate or infect other files; it relies entirely on user interaction (e.g., opening an email attachment). Students confuse Trojans with viruses because both cause harm once active.
- Snooping vs. Eavesdropping: Snooping captures and stores network traffic for later analysis (not real-time); eavesdropping is real-time interception. NTA likes "Which of the following is correct about snooping/eavesdropping?" questions.
- DoS vs. DDoS: In DoS a single attacker floods the target; in DDoS the requests come from many compromised Zombie machines forming a Bot-Net. A simple DoS can be countered by blocking one IP source; DDoS cannot because it comes from multiple distributed locations.
- On-screen keyboard vs. Online virtual keyboard (NCERT §12.2.7, p. 227-228). On-screen keyboard has a fixed QWERTY layout (exploitable); online virtual keyboard randomises layout each time (safe against keyloggers).
- Cookies are NOT malware (NCERT §12.7, p. 233). They are storage files; third-party cookies can be invasive but cookies themselves are not viruses.
- HTTPS requires SSL Certificate (NCERT §12.5, p. 232). Browser shows a padlock icon when an SSL Cert is present.
- Firewall ≠ antivirus (NCERT §12.6, p. 232). A firewall filters traffic; antivirus detects/removes malware in files.
- Adware vs Spyware (NCERT §12.2.5-6, p. 226-227). Adware shows ads; spyware steals info silently. NTA distractor: claims adware steals data.
- DDoS uses many sources (NCERT §12.9.1, p. 235). Blocking one IP cannot stop it.
- VDF must be updated (NCERT §12.3.1, p. 230). Outdated antivirus misses new variants.
🎯 Practice MCQs
Q1. Which of the following correctly distinguishes a computer worm from a computer virus?
Answer: B
The NCERT explicitly states that a worm is a standalone program that replicates on its own through the network, while a virus needs a host (executable file) and is activated only when a user opens the infected file. Option A reverses the definitions, a classic NTA distractor.
Q2. Consider the following statements about antivirus detection methods:
**Statement I:** In signature-based detection, the antivirus uses a Virus Definition File (VDF) containing known virus signatures, which must be updated on a real-time basis.
**Statement II:** In sandbox detection, a new application is executed in the actual system environment so its behaviour can be observed under real conditions.
Which of the above statements is/are correct?
Answer: A
Statement I is correct: the VDF must be updated continuously. Statement II is wrong: sandbox detection executes the file in a virtual (sandbox) environment, NOT the actual system, precisely to keep real system resources safe.
Q3. WannaCry, the 2017 ransomware that infected approximately 200,000 computers across 150 countries, extracted money from its victims by:
Answer: B
The NCERT specifically states WannaCry worked by encrypting data and demanding ransom in Bitcoin. Options A and C describe different malware types (spyware/keylogger and spyware respectively); D describes adware.
Q4. Match the following types of hackers with their correct descriptions:
| Column A | Column B |
|---|---|
| (i) White Hat | (P) Hack systems for fun, without monetary or political motive |
| (ii) Black Hat | (Q) Hired by organisations to identify and fix security vulnerabilities |
| (iii) Grey Hat | (R) Exploit system flaws unethically and illegally |
Answer: A
White Hat hackers are ethical hackers hired to fix flaws (Q); Black Hats exploit flaws illegally (R); Grey Hats hack for the challenge/fun without political or financial gain (P).
Q5. Which of the following is the key difference between HTTP and HTTPS?
Answer: B
The NCERT states HTTP does not scramble data, making it vulnerable; HTTPS encrypts the data before transmission and decrypts at the receiver end, and HTTPS-based websites require an SSL Digital Certificate. Options A, C, and D all contain factually incorrect claims not supported.
Q6.
Assertion (A): An online virtual keyboard is safer than an on-screen keyboard for entering passwords on unknown computers.
Reason (R): An online virtual keyboard randomises the key layout every time it is used, making it very difficult for keylogger software to know or record the key pressed.
Answer: A
The NCERT explicitly states that the online virtual keyboard randomises the key layout every time it is used, thereby making it very difficult for keylogger software to record keys, which is precisely why it is safer. R correctly and completely explains A.
Q7. A school network administrator wants to prevent students in the computer lab from accessing the finance server, while allowing the accountant's computer to access it. Which security mechanism, and which specific type, should be deployed?
Answer: C
The NCERT uses exactly this school-LAN scenario to illustrate a Network Firewall: "a rule can be set in the firewall of a school LAN that a student cannot access data from the finance server, while the school accountant can." A Network Firewall monitors traffic between networks based on predefined rules.
Q8. Which of the following correctly describes the difference between Snooping and Eavesdropping?
Answer: B
The NCERT explicitly distinguishes them: snooping captures traffic that can be stored for later analysis; eavesdropping is real-time interception. Option C reverses the definitions; D is directly contradicted by the NCERT's separate treatment of the two concepts.
Q9. The term "computer virus" was coined by:
Answer: B
Q10. Which is an example of ransomware?
Answer: C
Q11. A keylogger:
Answer: A
Q12. Which is NOT a malware distribution channel listed in §12.2.8?
Answer: C
Q13. Network firewalls:
Answer: B
Q14.
Assertion (A): DDoS is harder to mitigate than DoS.
Reason (R): DDoS attacks come from many compromised Zombie computers distributed globally, so blocking one IP doesn't stop the attack.
Answer: A
Q15. Which kind of cookie is auto-terminated when the user session ends?
Answer: B