
1. The three types of addresses used on the Internet are: (1) e-mail addresses, (2) Web site URL addresses, and (3) Internet Protocol (IP) addresses of individual computers attached to a network.

2. Every e-mail user on the Internet has a unique e-mail address that identifies an electronic post office box on a network where e-mail can be sent. Different types of networks have different formats for e-mail addresses. On the Internet, all e-mail addresses have a similar form: every address must have a user name and a domain. For example, an e-mail address at Unikl might look like this: itccmail@unikl.edu. The first part of the address, <itccmail>, is the user name. This is the unique name recognized by the mail server. The @ symbol separates the unique user name from the domain. The domain in this case is stedwards.edu. The domain name may also be broken down into parts. Understanding the parts of the domain name is helpful in deciphering the origin of an e-mail address. The last part of the address, <edu>, is the top-level domain (TLD) in the hierarchical Domain Name System. Examples of top-level domains include:

   - gov - Government agencies
   - edu - Educational institutions
   - org - Organizations (nonprofit)
   - mil - Military
   - com - Commercial business
   - net - Network organizations

3. The World Wide Web (WWW) is a subset of the Net--a collection of interlinked documents that work together using a specific Internet protocol called Hypertext Transfer Protocol (HTTP). In other words, the Internet exists independent of the Web, but the Web can't exist without the Internet. Web pages are written in Hypertext Markup Language (HTML), which tells the Web browser what to display. The significant feature of the Web is its ability to link pages to one another. Just click a link, and you're at a Web site on the other side of the world.

4. IP spoofing refers to connection hijacking through a fake Internet Protocol (IP) address. IP spoofing is the action of masking a computer's IP address so that it looks like it is authentic. During this masking process, the fake IP address sends what appears to be a malevolent message coupled with an IP address that appears to be authentic and trusted. In IP spoofing, IP headers are masked through a form of Transmission Control Protocol (TCP) in which spoofers discover and then manipulate vital information contained in the IP header, such as the IP address and the source and destination information.

5. There are three parties in a smurf attack: the attacker, the intermediary, and the victim. The intermediary receives an ICMP echo request packet directed to the IP broadcast address of its network. If the intermediary does not filter ICMP traffic directed to IP broadcast addresses, many of the machines on the network will receive this ICMP echo request packet and send an ICMP echo reply packet back. When (potentially) all the machines on a network respond to this ICMP echo request, the result can be severe network congestion or outages. When the attackers create these packets, they do not use the IP address of their own machine as the source address. The victim is subjected to network congestion that could potentially make the network unusable.
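The intermediary-side filtering mentioned in answer 5, as an added example that is not part of the original answers: it drops ICMP echo requests addressed to the network's broadcast address and counts the replies each source address would otherwise receive. The packet records, addresses (documentation ranges) and host count are constructed for illustration.

```python
import ipaddress
from collections import Counter

ICMP_ECHO_REQUEST = 8  # ICMP type number of an echo request

def filter_directed_broadcast(packets, local_net):
    """Split packets into (forwarded, dropped) the way an edge filter would."""
    broadcast = ipaddress.ip_network(local_net).broadcast_address
    forwarded, dropped = [], []
    for pkt in packets:
        to_broadcast = ipaddress.ip_address(pkt["dst"]) == broadcast
        if pkt["icmp_type"] == ICMP_ECHO_REQUEST and to_broadcast:
            dropped.append(pkt)      # echo request aimed at every host at once
        else:
            forwarded.append(pkt)
    return forwarded, dropped

def reply_load(packets, local_net, live_hosts):
    """Echo replies each source address receives if the packets are delivered."""
    broadcast = ipaddress.ip_network(local_net).broadcast_address
    load = Counter()
    for pkt in packets:
        if pkt["icmp_type"] != ICMP_ECHO_REQUEST:
            continue
        to_broadcast = ipaddress.ip_address(pkt["dst"]) == broadcast
        # One request to the broadcast address is answered by every live host.
        load[pkt["src"]] += live_hosts if to_broadcast else 1
    return load

# Constructed sample traffic arriving at the intermediary network 192.0.2.0/24.
NET = "192.0.2.0/24"
PACKETS = [
    # Source field is not the sender's own address (see answer 5).
    {"src": "203.0.113.7", "dst": "192.0.2.255", "icmp_type": 8},
    {"src": "203.0.113.7", "dst": "192.0.2.255", "icmp_type": 8},
    {"src": "203.0.113.7", "dst": "192.0.2.255", "icmp_type": 8},
    # Ordinary ping to a single host.
    {"src": "198.51.100.9", "dst": "192.0.2.10", "icmp_type": 8},
]

if __name__ == "__main__":
    forwarded, dropped = filter_directed_broadcast(PACKETS, NET)
    print("unfiltered:", dict(reply_load(PACKETS, NET, live_hosts=50)))
    print("filtered:  ", dict(reply_load(forwarded, NET, live_hosts=50)))
    print("dropped:   ", len(dropped))
```

With 50 live hosts, three broadcast requests turn into 150 replies toward the address in the source field; after filtering only the ordinary ping is answered.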

6. In response to customer demand for evidence that a Web-based business is trustworthy, a number of trusted third-party organizations are offering seals of assurance that businesses can display on their Web site home pages. To legitimately bear the seal, the company must show that it complies with certain business practices, capabilities and controls. Six seal-granting organizations are the Better Business Bureau, TRUSTe, Veri-Sign, Inc, the International Computer Security Association, AICPA/CICA Web Trust, and AICPA/CICA SysTrust.

7. A digital certificate is like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender. Trusted third parties known as certification authorities (CAs) issue digital certificates, also called digital IDs. The digital certificate is actually the sender's public key that the CA has digitally signed. The digital certificate is transmitted with the encrypted message to authenticate the sender. The receiver uses the CA's public key to decrypt the sender's public key, which is attached to the message, and then uses the sender's public key to decrypt the actual message.

A digital signature is used to verify a message. It is basically an encrypted hash of the message. The recipient can check whether the message was tampered with by hashing the received message and comparing this value with the decrypted signature. To decrypt the signature, the corresponding public key is required.

A digital certificate is used to bind public keys to persons or other entities. If there were no certificates, the signature could easily be forged, as the recipient could not check whether the public key belongs to the sender. The certificate itself is signed by a trusted third party, a Certificate Authority like VeriSign.
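The signature and certificate checks from answer 7, as an added example that is not part of the original answers. It uses textbook RSA over small fixed primes so that it runs with the standard library only; that scheme is for illustration and is not secure, and the names, keys and message are constructed.

```python
import hashlib

# Textbook RSA over fixed Mersenne primes: constructed for illustration, not secure.
def make_key(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (e, n), "priv": (pow(e, -1, phi), n)}

def digest(data, n):
    # Hash of the data, reduced so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    d, n = priv
    return pow(digest(data, n), d, n)          # the "encrypted hash"

def verify(data, sig, pub):
    e, n = pub
    return pow(sig, e, n) == digest(data, n)   # decrypt signature, compare hashes

def cert_body(subject, pub):
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def issue_cert(subject, pub, ca_priv):
    # The CA binds a name to a public key by signing both together.
    return {"subject": subject, "pub": pub,
            "sig": sign(cert_body(subject, pub), ca_priv)}

def check_message(msg, sig, cert, ca_pub):
    # Step 1: is the certificate really signed by the CA?
    if not verify(cert_body(cert["subject"], cert["pub"]), cert["sig"], ca_pub):
        return "bad certificate"
    # Step 2: does the signature match the message under the certified key?
    if not verify(msg, sig, cert["pub"]):
        return "bad signature"
    return "ok"

CA = make_key(2**107 - 1, 2**127 - 1)     # hypothetical certification authority
SENDER = make_key(2**61 - 1, 2**89 - 1)   # hypothetical sender
OTHER = make_key(2**31 - 1, 2**521 - 1)   # a key the CA never certified

MSG = b"Pay supplier 100"
CERT = issue_cert("sender@example.test", SENDER["pub"], CA["priv"])
SIG = sign(MSG, SENDER["priv"])
# Same subject and CA signature, but a different public key swapped in.
SWAPPED = dict(CERT, pub=OTHER["pub"])

if __name__ == "__main__":
    print(check_message(MSG, SIG, CERT, CA["pub"]))
    print(check_message(b"Pay supplier 900", SIG, CERT, CA["pub"]))
    print(check_message(MSG, sign(MSG, OTHER["priv"]), SWAPPED, CA["pub"]))
```

The third case is the forgery the answer describes: a valid signature made with an uncertified key is rejected because the CA's signature no longer matches the certificate contents.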

8. Distinguish between a network-level firewall and an application-level firewall.

Network-level firewall:

   - Provides basic screening of low-security messages and routes them to their destinations based on the source and destination addresses attached. Example: e-mail.
   - Network firewalls are typically used when speed is essential. Since packets are not passed to the application layer and the contents of the packet are not being analyzed, packets can be processed quicker.
   - Network-level firewalls run on an access control list and do not provide the same high level of protection that application firewalls do, since they cannot monitor the contents of packets.

Application-level firewall:

   - Provides high-level network security. These firewalls are configured to run security applications called proxies that perform sophisticated functions such as verifying user authentications.
   - They view information as a data stream and not as a series of packets. In this way, they are able to scan information being passed over them and to ensure that the information is acceptable, based on their own set of rules.
   - They support the ability to report to intrusion detection software. This allows third-party software to take control of an intrusive situation and perform tasks above the capabilities of the firewall itself. This is useful if you want to monitor a hacker once they get inside instead of just blocking them, or have the system send a page when an intrusion is detected.

9. Two types of risk associated with Internet commerce are intranet risk and Internet risk. Intranet risk includes the interception of network messages, access to corporate databases, privileged employees, and reluctance to prosecute. Internet risk consists of risk to customers and risk to businesses.
