Vedanta Let's Log in Computer Class 10 (Revised).indd

Vedanta Let’s Log in Computer Science | Book 10

Digital Footprint

The present information communication technology has given us an easy and quick
access towards any kind of information or the resources available throughout the
world. Data can be accessed or shared without any restrictions while doing; so,
we do share some of our information in this vast network which remains there
knowingly or unknowingly along with the technology. This shared data is referred
as Digital Footprint.

Digital Footprint means the recording of interaction with the digital world. We
leave behind the digital footprint trail using online technology. These include
digital cameras, i-pods, smartphones, laptops, and computers. Therefore, a digital
footprint is like an invisible report card which is stored for many years. This is a
general reflection of our online activity. Digital Footprints can be used for both
good and bad purpose. The following should be considered while managing digital
footprint:

i. Subscribed accounts and unused social media Digital Footprint
accounts which are no longer in use should be
unsubscribed or deleted. (from the user side, we
delete it but in server-side, we cannot be assured
that it is deleted)

ii. Ensure the content posted protect your privacy.
iii. Do not forget that all online posts are not private.

Take note that parents, teachers, and other people
can view the content you have posted.
iv. Ensure the content posted does not damage your or
others' reputation.
v. Use Strong Passwords to protect your account so
that others cannot hack your account.

Cyberbullying Cyberbullying

Cyberbullying is an act of harassing,
humiliating, threatening others again and
again, using digital-communication tools such
as the internet, computers, cell phones, and
other devices, by either sending hurtful texts
or instant messages or posting embarrassing
photos or videos on social media or spreading
rumours online or with cell phones.

51 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Most often, it is sustained and repeated over a period of time. But whether it's
sharing one humiliating photo or thousands of harmful text messages, it can
damage a young person's feelings, self-esteem, reputation and mental health.
Consequences of cyberbullying can be very serious. It can be emotionally damaging
and even lead to a tragic accident.

Unlike face-to-face bullying, cyberbullying can reach a victim anywhere at any
time. As it can spread quickly, to a wide audience, you might be surprised to learn
that most teens today have been involved in some way or other, either as a target,
as a bully, as a silent observer, or as someone who participates on the sidelines and
becomes part of the problem without realizing what they are doing.

The range of cyberbullying tactics is wide: it is continually changing as new
technology emerges and different social networking sites.

Here are some of the common ways in which cyberbullying takes place among young
people:

Sending mean or threatening messages by email, text, or through comments
on a social networking page.
Spreading embarrassing rumours, secrets or gossip about another person
through social networking sites, email, or texts.
Taking an embarrassing picture or video of someone with a digital camera
and sending it to others or posting it online without their knowledge or
permission.
Posting online stories, pictures, jokes, or cartoons that are intended to
embarrass or humiliate.
Tricking someone to open up and share personal information and then sharing
the information widely with others.
Creating online polls and rating people in negative, mean ways.

Cyber Law

With the development of the internet, the access of people in the computers worldwide
has increased. It has provided many new opportunities. But along with these new
opportunities, people were trying to take advantage of these developments to harm
others. That is the reason cyber law is required. A law should not be considered as
a tool to punish the wrong doers but it is a tool to define how the activities shall
be carried out in an acceptable way to all stakeholders. Laws are prepared by the
state and enforced by the state machinery. Absence of proper law makes it difficult
for the authorities to regulate and control the activities.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 52

Vedanta Let’s Log in Computer Science | Book 10

Cyber law describes the legal issues
related to using of inter-networked
information technology. Cyber law is a
term that encapsulates the legal issues
related to the use of communicative,
transactional, and distributive aspects
of networked information devices and
technologies.

Cyber law is not one law but it is a
set of different laws meant to control
and regularize the activities taking
place over the internet.) Some leading Cyber Law

topics of cyber law include intellectual
property, privacy, freedom of expression, and jurisdiction.

IT Policy 2072

Information technology (IT) is the use of any computers, storage, networking, and
other physical devices, infrastructure and processes to create, process, store, secure,
and exchange all forms of electronic data. IT includes several layers of physical
equipment (hardware), virtualization and management, or automation tools,
operating systems and applications (software) used to perform essential functions
such as laptops, smartphones, etc. Combination of information technology and
telecommunication technology is called information communication technology
(ICT).

Nepal's
National Information and
Communication Technology

ICT Policy, 2072 (2015)

IT Policy 2072

The government of Nepal revised the former policy and came up with the
Information Communication Policy 2072 (2015) intending to regulate Information
Communication Technology as a whole. This policy emphasizes the need for a precise
and consistent enactment and regulatory framework for addressing converged
regime of telecommunications, broadcasting, and ICT. The use of ICT can make
the government more efficient and effective, facilitate more accessible government

53 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

services, allow greater public access to information, and make government more
accountable. It is the most cost-effective tool in improving public service delivery
and government to government (G2G) communication.

This policy is primarily designed to guide and mainstream the use of ICTs in
all sectors of the Nepalese economy within the overall context of socio-economic
development and poverty reduction agenda pursued by the country. The policy
states that appropriate programs are developed and implemented to improve
following sectors like education, agriculture, health, research and development,
industry, promotion of e-Commerce, tourism, cloud computing, telecommunication
and so on through the use of ICTs.

The following are the few goals the policy envisages to achieve:
i. Enhancement of overall national ICT readiness with the objective of being at

least in the top second quartile of the international ICT development index
and e-Government rankings by 2020
ii. 75 per cent of the population to have digital literacy skills by the end of 2020
iii. Universal broadband access to all people on an equitable basis to be in place
and by 2020, 90 per cent of the population to have access to broadband services
iv. The role and significance of ICT industries and services (including telecom
services) to increase in the Nepali economy with ICT value-added (including
digital content and service industry) accounting for at least 7.5% per cent of
GDP by 2020
v. Apex level institutional arrangement to be restructured to effectively
drive ICT agenda in the country in the light of emerging technologies and
application trends shaping the sector
vi. By 2020, the entire population of Nepal to have access to internet
vii. 80% of all citizen-facing government services to be offered online by 2020
viii. e-Procurement to be promoted as means of driving transparency through
government procurement processes covering all public procurement of goods
and services irrespective of cost and volume of such procurements by 2018
ix. G2G implementation to be promoted to achieve complete automation of the
operations of land administration, revenue administration and management,
vital registration, passport and citizenship certificate services by 2020

Electronic Transaction Act (ETA)

Electronic Transaction Act (ETA) deals with issues related to cybercrime and also
helps in making laws and implementing them over cybercrime. It has different

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 54

Vedanta Let’s Log in Computer Science | Book 10

requirements so that if anyone found committing cybercrime, they will be punished
according to the nature of the crime.
The legal provisions for authentication and regularization of the recognition,
validity, integrity, and reliability of generation, production, processing, storage,
communication and transmission system of electronic records by making the
transactions to be carried out by means of electronic data exchange or by any other
means of electronic communications, reliable and secured and for controlling the
acts of unauthorized use of electronic records or of making alteration in such records
through the illegal manner ETA has been enacted to regulate electronic business.

Opportunities in Social Media

Social media may take the form of a variety of tech-enabled activities. These
activities include photo sharing, blogging, social networks, video sharing, business
networks, virtual worlds, etc. Social media is used to keep in touch with friends
and family for the individual. People use various social media applications to
network career opportunities and share their thought, feelings, insight, and
emotions. Social media is an indispensable tool for business. Companies use the
platform to find and engage with customers, drive sales through advertising and
promotion, and offering customer service or support. Some of the opportunities and
benefits of social media are as follows:

Revenue

The clearest opportunity is to generate revenue. This can be done through
advertising products or services within the social media platform. To advertise in
social media, the ads can be linked to social media page or website. This can be able
to benefit from social media without needing to have a channel.

Brand development

Using social media allows customers to connect and interact with the business on a
more personal level. If you already have an established brand, social media might
be an opportunity to further develop the brand.

Target audience

Customers can find you through social media platforms. We can choose to
maintain a presence on particular platforms that are in line with the target
audience. For example, if targeting young people, you could reach them through
Snapchat. If seeking business customers, LinkedIn may be the best channel.

55 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Customer interaction

You can deliver improved customer service and respond effectively to feedback.
Public's positive feedback can be persuasive to other potential customers. Negative
feedback highlights areas for improvement.

Attracting customers

Social media can be a good way of attracting new customers. When considering
social media campaigns, you could try to attract followers with promotions or
giveaways. Once you have a good following, you can focus on more personalized
social media campaigns to encourage them to stay.

Research

Social media is not suited to your business or that you do not have the time, simply
logging on to see what your competitors are doing in this space, or finding out what
your customers are saying about you might be a valuable exercise.

Opportunities and Threats in Social Media

1. Social Engineering

Social media platforms allow attackers to find personal information that can
be used to target specific individuals. Using information from employee profiles, a
plausible fake account can be created to establish trust over time. Once the trust is
built, the attacker might start asking for specific information, like internal server
names, project names, or even have the new friend open an infected document or
visit a prepared website that drops a backdoor onto their computer.

Social Media threats

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 56

Vedanta Let’s Log in Computer Science | Book 10

2. Targeted Phishing Attacks Phishing

Such attacks are carried out to steal
money or confidential information, as was
the case with the Hydraq attacks in early
2010 that compromised critical information
of several multinational companies. This
social media threat is an example of social
engineering tactics, whereby attackers
exploit fear and anxiety, instead of system
vulnerability to get users to part with their
money. Since these attacks are so specific
and targeted, the chances of success are
higher.

3. Fake Accounts

In July 2010, a fake profile named Robin Sage was actively pushed to request
connections to random people, which most people accepted without knowing
who the fictitious woman was. The seriousness of such social media threats gets
underscored when one considers that the fake account in this case, was successful in
connecting with hundreds of people from various organizations, including military,
government, and security firms.

4. Social Media Used for Spreading Spam and Malware

Social networking sites like Twitter and Facebook are often used to spread
malware. The growing popularity of shortened URLs is also giving rise to several
social media threats. Cyber criminals often mask their links with a short URL
making it difficult for the user to identify whether it is pointing to a legitimate or
malicious site. This threat is a real possibility for social bookmarking and micro
blogging sites, which are used to spread links and news in a very short period.

5. Confidential Information Leak

The scariest of social media threats is where employees start revealing
seemingly uncritical technical information to the public. This could be a Twitter
comment stating that the user is fed up configuring a particular firewall product
at work or a status message indicating that the user finally found a way around
a Web proxy product being used, and is now able to post to his profile again. An
attacker could use this information to identify the security software of the user or
the company.

57 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

POINTS TO REMEMBER

Ethics generally refers to the principles to make the decisions to lead our society or
an individual for a better life.

Ethics derived from the Greek word “ethos”.

There are so many social networking sites, most of the people are connected to at
least one.

Computer ethics is a set of moral principles or code of conducts that regulate the use
of computers systematically without making harm to other users.

Cyber ethics is a code of behavior for using the internet.

Laws are formal written directives that apply to everyone, interpreted by the judicial
system, and enforced by the police.

Hacking is generally considered as a criminal activity and the individuals who are
engaged in hacking are called hackers.

Ethical hacking is to evaluate the security of and identify vulnerabilities in systems,
networks or system infrastructure.

Hackers use tools to steal or destroy information whereas ethical hackers use the
same tools to safeguard systems from “hackers with malicious intent”

Ethical Hacking is legal and hacking is done with permission from the client.

A digital citizen is a person utilizing information technology (IT) in order to engage in
society, politics, and government.

Digital footprint means the recording of interaction with the digital world.

Digital footprint is like an invisible report card which is stored for many years.

Cyber law describes the legal issues related to using of inter-networked information
technology.

Combination of information technology and telecommunication technology is called
information communication technology (ICT).

The government of Nepal revised the former policy and came up with the Information
Communication Policy 2072 (2015)

Electronic Transaction Act (“ETA”) deals with issues related to cybercrime.

Social media is used to keep in touch with friends and family for the individual.

Social media is an indispensable tool for business.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 58

Vedanta Let’s Log in Computer Science | Book 10

xercise

1. Answer the following questions:
a) What are social and ethical issues in information technology?
b) What is computer ethics?
c) Why is ethics important in information technology?
d) Write any four commandments of computer ethics.
e) What is ethical hacking?
f) Give the two differences between hacking and ethical hacking.
g) Define digital citizenship.
h) What is a digital footprint?
i) What is cyber law?
j) Define is cybercrime.
k) Define IT Policy 2072 in short.
l) What is the Electronic Transaction Act?
m) Write any four Opportunities and Threats in Social Media.

2. Fill in the blanks.
a) ........................... derived from the Greek word “ethos”.
b) Computer ethic is also known as ...........................
c) Cyber ethics is a code of behaviour for using the ...........................
d) ........................... is legal and hacking is done with permission from the client.
e) We leave behind Digital Footprint ........................... using online technology.

3. Write the full form of. iv) G2G v) ETA
i) ICT ii) IT iii) B2B

4. Give appropriate technical terms of the followings:
a. A code of behaviour for using the Internet
b. The recording of interaction with the digital world

59 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

c. The legal issues related to using of inter-networked information technology
d. The use of technology as a measure of behaviour responsible for digital society
e. A set of moral principles or code of conducts that regulate the use of computers
f. The issues related to cybercrime and also help in making and implementing laws over

cybercrime

Project Work

1. Make a PowerPoint presentation in a group and present it in the class about “How
we can prevent cyberbullying and safe in cyber space”. [You will have to do much
interviewing with the colleagues in your school.]

2. Make a power point presentation on a topic “Ethical Hacking”.

3. Explain "Opportunities and Threats in Social Media” in a sheet of chart paper.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 60

Vedanta Let’s Log in Computer Science | Book 10

Unit Computer Security

1.3

Introduction

Computer security is also known as cyber Computer security
security or IT security. Safeguarding
your computer and its valuable information
is important. Computer has become close
to our life. It is not only different types of
computers that have become part of our life;
but smaller devices like smart phones and
gadgets have become integrated part of our
life. It has opened the door to an infinite
amount of information stored in the clouds.
Thus, it has brought many opportunities.

Computer is no more a machine sitting on
our desk or our lap. There is no sector of society where computer or Information
Technology related products are not used. It is now a part of global system of cyber.
Almost all the computers are connected through the internet. When we are talking
about computer, we are talking about the cyber space where the interconnection
of computers throughout the world makes a virtual world of information system.

A large amount of information now resides in computers. Individual computers as
well as computers that communicate with each other in geographically-restricted
local networks as well as globally via the internet, contain billions of pages of text,
graphics, and other sources of information. Without safeguards, this information
is vulnerable to misuse or theft. Just imagine what your life would be if all your
financial records, academic records, and personal correspondence were suddenly
changed, destroyed, or made public. What would you be willing to do to prevent
this from happening?

You are aware that bikes are stolen every day; so, you probably take measures
such as locking the handle, wheel, parking in a garage, or using an alarm. In the
same way, you should be aware of the threats facing your computer and data, and
take measures to protect them as well. The first step to good computer security is
awareness. You should understand all the dangers that specifically threaten your
computer system.

61 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Computer security means protecting our computer and its content from damage,
theft or misuse, or natural disaster and action to prevent such incidents. The
expansion and interconnection of computing system globally has also increased
threat in computer security. Nowadays, computer security becomes a part of
broader Cyber Security. At the present time, almost everything is connected to
the internet and provide services online which includes banks, government offices,
universities, companies, and almost everything. This increases the motivation of
the hackers to steal information, resources, and even money from the banks. That
has increased the need of knowledge about the cyber security, commitment to abide
by it and legal provisions to prevent and penalize crimes related to cyber world.

Computer security can take two forms. Software security provides barriers and
other cyber-tools that protect programs, applications, data, and information and
credentials. Hardware security protects the machine and peripheral hardware
from theft and from electronic intrusion and damage.

Information Security

Information security is a set of practices intended to keep data secure from
unauthorized access or alterations, both when it's being stored and when it
is being transmitted from one machine to another. You might sometimes see it
referred to as data security. In the twenty-first century, the most important assets
and efforts to keep information secure have correspondingly become increasingly
important.

Information security policy should include
The purpose of the information security and overall objectives
Definitions used in the document to ensure shared understanding
An access control policy
A password policy
Roles and responsibilities of employees

We store data in hard disk – also in CD, DVD, pen drives or other secondary
media at times. The data should be protected from loss or unauthorized access.
The data is lost when we accidentally delete, our hard disk crashes, or the whole
computer is damaged due to fire, flood, or natural calamities.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 62

Vedanta Let’s Log in Computer Science | Book 10

We can protect our data by:
by periodically checking the hard disk and replacing it if it shows failure
symptoms;
by copying data in another external media like external hard disk, pen
drive or DVD disk and storing it in another location which may include the
deposit safe in another room or another branch. This protects your data even
after damage of computer by fire or other natural calamities. This process
of copying data (or even program) in another storage media for safe keeping
purpose is called data backup or backup system. The backed up data can
be brought back or copied back to working location which is called restore.
Nowadays, we can copy important data into online storage devices
which is also called cloud storage. There are many providers who
provide space in the cloud for online storage of our data which include
Dropbox, Google Drive, OneDrive, iCloud. Some of them are free
up to certain size of storage space.
We can also, sometimes, send important files as attachment to our own
mail such as Gmail, AOL, Outlook, Mail.com or Yahoo! Mail. By storing
our files online, we are not only securing them from loss, but we are also
making them accessible from anywhere, even when we do not have our
computer with us. On the other hand, it increases the risk of our data
being accessed by hackers unless we properly secure them.
Another issue of protecting data is preventing them from authorized
access. Unauthorized users may access our data store in our computer
in the cloud storage. To prevent our data from unauthorized access
we have to protect the storage space, folder or file with password.
The application in which we create a file, the operating system of our
computer or the provider of the storage space in the cloud provide ways
of securing our files with password.

Security threats

The entire point of computer security is to eliminate or protect against threats. A
threat is anything that can cause harm. In the context of computer security threats
which can risk program, data, and information at local computer and in the clouds,
a threat can be burglar, a virus, an earthquake, or simple user error. So, we discuss
them here as Cyber Security Threats and in the next section we will discuss some
measures to protect from these threats.

63 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

i) Phishing

Phishing is any deceptive, online attempt by a third party to obtain confidential
information such as usernames, passwords, and credit card details by disguising
oneself as a trustworthy entity in an electronic communication for financial gain.
It is carried out by email spoofing or instant messaging; it often directs users to
enter personal information at a fake website which matches the look and feel of the
legitimate site. It could involve an attachment to an email that loads malware onto
your computer. It could also be a link to an illegitimate website that can trick you
into downloading malware or handing over your personal information.

Phishing

One of the most popular phishing attacks is the e-mail scam letter. Click on a
link in the e-mail and you are taken to a website controlled by the scammer, and
prompted to enter confidential information about your accounts, such as your
account number and PIN codes. On any given day, millions of these phishing
attack e-mails are sent, and, unfortunately, some people are fooled and disclose
their personal account information.

ii) Botnet

A botnet is a logical collection of internet-connected devices such as computers,
sending spam, participating in a DDoS (denial-of-service) attack, stealing information
from computers, smartphones or IoT (Internet of Things) devices whose security
have been breached and control given away to a third party. Each compromised
device, known as a "bot", is created when a device is penetrated by software from a
malware (malicious software) distribution. The controller of a botnet is able to direct

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 64

Vedanta Let’s Log in Computer Science | Book 10
the activities of these compromised computers through communication channels
formed by standards-based network protocols, such Hypertext Transfer Protocol
(HTTP). Botnets are increasingly rented out by cyber criminals as commodities for
a variety of purposes. The number of botnets operating worldwide is not known; but,
it is estimated to be well into the thousands, controlling millions of computers. Bots
and bot networks are an important threat to the internet and e-commerce because
they can be used to launch very large-scale attacks using many different techniques.

How botnet works Rootkit virus

iii) Rootkit

A rootkit is a malicious code (kit) that
hides in system area provides continued
Administrator's (root) privileged access
to a computer while actively hiding its
presence. Once a rootkit has been installed,
the controller of the rootkit has the ability
to remotely execute files and change system
configurations on the host machine. A rootkit
on an infected computer can also access log
files and spy on the legitimate computer
owner’s usage.

iv) Keylogger

Keylogger is hardware or software
for recording the keys pressed on a keyboard
secretly so that person using the keyboard
does not know that their actions are being

65 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10
monitored. Data can then be retrieved by the person operating the logging program.
While the programs themselves are legal, with many of them being designed to
allow employers to oversee the use of their computers, keyloggers are most often
used for stealing passwords and other confidential information.

v) Hacker

A computer hacker is any skilled computer expert who uses her technical
knowledge to overcome a problem. While "hacker" can refer to any skilled computer
programmer, the term has become associated in popular culture with a "security
hacker". Security hackers are people involved with circumvention of computer
security. Among security hackers, there are several types, including:

Black, Grey and White hat Hackers

White hats are hackers who work to keep data safe from other hackers by
finding system vulnerabilities that can be mitigated. White hats are usually
employed by the target system's owner and are typically paid (sometimes
quite well) for their work. Their work is not illegal because it is done with the
system owner's consent.

Black hats or crackers are hackers with malicious intentions. They often
steal, exploit, and sell data, and are usually motivated by personal gain. Their
work is usually illegal. A cracker is like a black hat hacker, but is specifically
someone who is very skilled and tries via hacking to make profits or to benefit,
not just to vandalize. Crackers find exploits for system vulnerabilities and
often use them to their advantage by either selling the fix to the system owner
or selling the exploit to other black hat hackers, who in turn use it to steal
information or gain royalties.

Grey hats include those who hack for fun or to troll. They may both fix
and exploit vulnerabilities, but usually not for financial gain. Even if not
malicious, their work can still be illegal, if done without the target system
owner's consent, and grey hats are usually associated with black hat hackers.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 66

Vedanta Let’s Log in Computer Science | Book 10

vi) Drive-by download

Drive-by download attacks are a common method of spreading malware.
Hackers look for insecure websites and plant a malicious script into HTTP or
PHP code on one of the pages. This script might install malware directly onto the
computer of someone who visits the site, or it might re-direct the victim to a site
controlled by the hackers. Drive-by downloads can happen when visiting a website
or viewing an email message or a pop-up window. Unlike many other types of cyber
security attacks, a drive-by does not rely on a user to do anything to actively enable
the attack - you don’t have to click a download button or open a malicious email
attachment to become infected. A drive-by download can take advantage of an App,
operating system or web browser that contains security flaws due to unsuccessful
updates or lack of updates.
To protect yourself from drive-by attacks, you need to keep your browsers and
operating systems up to date and avoid websites that might contain malicious code.

Drive by download

vii) Eavesdropping attack

Eavesdropping attacks
occur through the interception of
network traffic. By eavesdropping,
an attacker can obtain passwords,
credit card numbers, and other
confidential information that a
user might be sending over the
network. Eavesdropping can be
passive or active: Eavesdropping attack

67 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Passive eavesdropping

A hacker detects the information by listening to the message transmission in
the network.

Active eavesdropping

A hacker actively grabs the information tampering
by disguising himself as friendly unit and
by sending queries to transmitters. This is
called probing, scanning, or tampering. Data
encryption is the best countermeasure for
eavesdropping.

viii) Malicious codes

Malicious code is the kind of harmful computer code or web script designed to
create system vulnerabilities leading to back doors, security breaches, information
and data theft, and other potential damages to
files and computing systems. It is a type of threat
that may not be blocked by antivirus software on
its own. It is an auto-executable application that
can activate itself and take on various forms,
including Java Applets, ActiveX controls, pushed
content, plug-ins, scripting languages, or other
programming languages that are designed to
enhance Web pages and email.
Hacker

The code gives a cybercriminal unauthorized remote access to the attacked system
- called an application back door - which then exposes sensitive company data.
By unleashing it, cybercriminals can even wipe out a computer's data or install
spyware.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 68

Vedanta Let’s Log in Computer Science | Book 10

Security Mechanisms

i. Authentication system

The process of identifying an individual usually based on a username and
password. In security systems, authentication is distinct from authorization, which
is the process of giving individuals access to system objects based on their identity.
Let’s discuss about the different authentication system:

a. Password

A password is a memorized secret
used to confirm the identity of a user. In
general, a password is a string of characters
including letters, digits, or other symbols.
If only numbers are allowed in the secret
code, it is called a personal identification
number (PIN). In computer system
password normally comes with a username.
Password

The combination of username and password
that is used to access a resource is often called credentials. Credentials are
required to gain access to our email, restricted sites, banks website to manage
our account, open our computer, and so many other places. We have to keep
the password secure and strong so that unauthorized users may not gain
access to the resource and misuse it with our identity. Following are some of
the tips to make our password secure and strong:

Never share your credentials online.
Do not use easily guessable the name of a pet, child, family member,

birthdays, birthplace, name of a favorite holiday.
Do not use sequence like abcd or 1234 which are, again, easily guessable.
Mix characters, numbers, and symbols. Also mix small and capital

letters.
Avoid using same password in all applications.
Change password periodically.

b. Biometric

Biometrics is the study of measurable biological, or physical,
characteristics. Nowadays, the character or numeric passwords are being
replaced by biometrics authentication. Fingerprints, face detection or

69 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

retina (eye) scan or speech recognition system are being used as biometrics
authentication. Biometrics authentication is considered more secure than
string password.

ii. Firewalls

Firewalls and proxy servers are
intended to build a wall around your
network and the attached servers
and clients, just like physical-world
firewalls protect you from fires for a
limited period of time. When to prevent
unauthorized access of third party in a
private network, firewalls are used. A
firewall is the network security systems
that monitors and controls the traffic
flow between the internet and private Firewalls

network or private computer on the basis of a set of user-defined rules. Firewalls
shelters the computer network of an organization against unauthorized incoming or
outgoing access, and provides the best network security. Firewall can be hardware
firewall, software firewall, or firewall incorporated in Operating System such as
Windows Firewall. An OS incorporated firewall is a component of the Operating
System and we can enable its operation by turning its access on. We can enable
Windows firewall in our computer to protect it from unwanted traffic from the
Internet.

iii. Cryptography

We share data and information with other people and institutions through
the internet. There are many ways we can share files: we can send them as email
attachments, we can share them from online storage spaces. We can also share
them from websites. There are data presented in the form of webpages, downloads
from, and upload to the HTTP or FTP sites, and exchange of data using online
forms.

There is a great risk that these data we have shared through the internet are
accessed by unauthorized users from out cloud storage, or they are intercepted
by hackers during the transmission. There are also risks that the message or
multimedia like pictures or video clips that we share, post, or stream are copied, or
recorded by other party and misused. There are many instances that the private,
sensitive, or objectionable picture or video clips that we share with our social media
friends are captured or recorded, and misused. So, the rule of thumb is not to
share personal and objectionable data though social media or messaging apps.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 70

Vedanta Let’s Log in Computer Science | Book 10
We will discuss different methods of stealing data in the internet in the following
section. Here, lets discuss some ways of securing data while storing or transferring
them online.
We can protect our files with strong passwords so that the hacker cannot open it. A
more reliable way is to user cryptography.
Cryptography is the study of secure communications techniques that allow only
the sender and intended recipient of a message to view its contents. The term is
derived from the Greek word “ kryptos”, which means hidden. More generally,
cryptography is about constructing and analyzing protocols that prevent third
parties or the public from reading private messages. Cryptography includes
insuring that data/ message cannot be understood by unauthorized user. There are
different types of cryptography technology used:

Encryption

Encryption is the technology to encode file or message that is being stored or
transferred online in intelligible content which cannot be used by unauthorized
person. The encryption is not meant to prevent interception but it makes the
file or message unusable to the hacker. Authorized user can read or use the
file or message after decrypting it. Generally, encryption is done with the
help of key and the key is made available to the authorized user by another
medium.

Encryption

Decryption

The conversion of encrypted data into its original form is decryption. It is
generally a reverse process of encryption. It decodes the encrypted information

71 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10
so that an authorized user can only decrypt the data because decryption
requires a secret key or password.

Decryption

Online Behaviors

The behaviors that we show while working with the online system like browsing
the website or opening the mails also creates threat to our computer system. By
opening unknown attachment from an untrusted source, we may welcome malware
in our computer or may share our credit card number or password of banking app
to the hacker. By following some of the rules given below, we could help to minimize
the threats that we ourselves create to our system:

Lock your computer screen when not in use.
Always keep the privacy setting of your browser ON.
Do not give out personal information like password, credit card number,

phone number online
Do not copy information from the internet and attempt to redistribute it. If

you do copy a book, or music files, you must get permission for the author or
composer first.
Do not open or download any attachments in an email from an unknown
source as they may contain viruses.
Do not download any software from untrusted websites.
Do not browse untrusted sites. Close the site immediately if your antivirus
software or OS security warns you.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 72

Vedanta Let’s Log in Computer Science | Book 10

Do not fill out any surveys online that ask for your personal details or bank
details.

Do not let web browsers remember your username and password as this could
leave you open to being hacked.

Do not give anyone remote access to your computer.
Purchase online only from trusted and secure sites.
Never post objectionable or derogative materials
Never click on a link you did not expect to receive.

Malware

The word Malware is short for malicious code. It is a general term used to describe
all of the threats such as viruses, spyware, worms, adware, nagware, Trojan
horses, ransomeware, bots, and pretty much anything that is specifically designed
to cause harm to your PC or steal your information. Sometimes it referred to as an
exploit. It is designed to take advantage of software vulnerabilities in a computer’s
operating system, web browser, applications, or other software components. We
discuss about different types of Malware below:

i. Virus

A virus is a computer program that has the ability to replicate or make
copies of itself, spread to other files, and infect a PC, spreading from one file to
another, and then from one PC to another when the files are copied or shared. Most
viruses attach themselves to executable files, but some can target a master boot
record, autorun scripts, MS Office macros, designed to render your PC completely
inoperable. Or, it may be highly destructive—destroying files, reformatting the
computer’s hard drive, or causing programs to run improperly. The general point
is that a virus is designed to cause havoc and break stuff.

ii. Spyware

Spyware is any software installed on your PC that collects your information
without your knowledge, and sends the information back to the creator so they can
use your personal information in some immoral way. This could include a user’s
keystrokes, copies of e-mail, instant messages, watching your searching habits,
and even take screenshots (and thereby capture passwords or other confidential
data).

73 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

iii. Scareware

Scareware is a relatively new type of attack, where a user is tricked into
downloading what appears to be an antivirus application, which then proceeds to
tell you that your PC is infected with hundreds of viruses, and can only be cleaned
if you pay for a full license. Of course, these scareware applications are nothing
more than malware that hold your PC hostage until you pay the ransom—in most
cases, you can not uninstall them or even use the PC.

iv. Trojan

A Trojan horse appears to be benign, but then does something other than
expected. The Trojan horse is not itself a virus because it does not replicate,
but is often a way for viruses or other malicious code such as bots or rootkits (a
program whose aim is to subvert control of the computer’s operating system) to be
introduced into a computer system. Trojans create a backdoor that allows your PC
to be remotely controlled, either directly or as part of a botnet. The major difference
between a virus and a Trojan is that Trojans do not replicate themselves—they
must unknowingly be installed by a user.

v. Worm

Computer worms use the network to send copies of themselves to other
PCs, usually utilizing a security hole to travel from one host to the next, often
automatically without user intervention. Because they can spread so rapidly across
a network, infecting every PC in their path, they tend to be the most well-known
type of malware. Some of the most famous worms include the ILOVEYOU worm,
transmitted as an email attachment, which cost businesses upwards of 5.5 billion
dollars in damage. The Code Red worm defaced 359,000 web sites, SQL Slammer
slowed down the entire internet for a brief period of time, and the Blaster worm
would force your PC to reboot repeatedly.

vi. Adware

Adware is a software application used by companies for marketing purposes;
advertising banners are displayed while any program is running. Adware can be
automatically downloaded to your system while browsing any website and can be
viewed through pop-up windows or through a bar that appears on the computer
screen automatically.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 74

Vedanta Let’s Log in Computer Science | Book 10

Antivirus Software

Antivirus software, nowadays also known as anti-malware, is a computer
program used to prevent, detect, and remove malware.
When there were standalone computers, antivirus software was developed to detect
and remove computer viruses, hence the name. However, with the creation of other
kinds of malware, antivirus software now provide protection from other computer
threats. Today's antivirus software can protect from browser hijackers, keyloggers,
rootkits, Trojan horses, worms, adware, spyware, and many more. Some products
also include protection from other computer threats, such as infected and malicious
URLs, scam, and phishing attacks. There are many antivirus software available in
the market from simple Antivirus software to Internet Security System. The major
consideration to be taken while choosing the antivirus software is its features.
We have to see what threats it can protect our system from. Even product of the
same brand has different variations to provide different types of security. Some
of the popular antivirus programs are Bitdefender Antivirus Plus 2020, Norton
AntiVirus Plus, Webroot SecureAnywhere AntiVirus, ESET NOD32 Antivirus,
F-Secure Antivirus SAFE, Kaspersky Anti-Virus, etc.
There are many viruses and malwares being developed every day. Old Antivirus
program cannot detect and clean new virus of malware. So, we have to ensure that
the Antivirus software we are using has the latest updates. Most of the Antivirus
software now come with online update facility.
We do not need to run the Antivirus software daily. The Antivirus software is
monitoring the traffic coming into our computer and informs us whenever any
suspicious code is coming. The software detects and cleans it. But it is recommended
to run a complete system scan at regular intervals.

Antivirus softwares

75 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Backing System

You never know when or how data
may be lost. A simple disk error
can do just as much damage as
a hacker might do. And even the
most experienced computer user
occasionally deletes a file or folder by
accident. When such events happen,
you are in trouble if your data are
not backed up. Backup is the system
of copying data and programs into
another location or creating its
duplicate copy in a secured place.
Backups are essential to computer Data backup

security system to save the important data and programs from the accidental or
intentional harm. Any organization that does not maintain backups of data and
information would need to spend resources in re- creating data if data is corrupted.
When data and software are corrupted or lost, we can recover them from the backup
copy. Backups can be kept in different locations such as hard disks, compact disc,
external hard drive, and on the internet. So, backups are an important methods of
data and software security measures against data corruption or loss.

Updating System Software

The Operating System we are using such as Microsoft Windows or Mac OS itself
has many security provisions. As new security threat comes in the market they
update the OS to be able to handle the security threat and provide it to the users.
Now, the OS has online update facilities. We have to ensure that we have updated
the OS whenever a new update is released to keep our OS up-to-date and able to
handle the new security threats.

Hardware Security

Computer is made of electronic boards, chips, electromagnetic devices like hard
disk, electromechanical parts like CPU Fan, DVD-Drive motors, etc. The hardware
can be damaged with:

Water and moisture on the electronic circuits.
Dust dirt on mechanical parts.
Irregular electricity on the circuit boards.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 76

Vedanta Let’s Log in Computer Science | Book 10

Fire burning the machine (fire can be generated from the spark on electric
circuits)

Overheating of the device (especially when the device need extensive
processing like servers and gaming computer)

Theft of the computer and its devices
So, to protect the computer hardware, we can take following measures;

i) Regular Maintenance

Keep the computer room clean.
Avoid water and moisture in the computer room and avoid or be pre-

cautious while eating or drinking while working with computer.
Arrange regular maintenance of the computer system and devices.

During the periodic maintenance dust and dirt is cleaned off the
computer’s devices and loose connections of electricity and network
devices and parts inside the computers are fixed.
Faulty devices are detected and replaced. We can do this by bringing
our computers and devices to the service center or by having Annual
Maintenance Contract (AMC) with a service providing company
depending on the policy of organization and number of computers and
devices.

ii) Insurance

Insurance is a way to get the investment – whole or part of it – back
in case the computer system is damaged because of theft, vandalism
or natural calamity like fire or flood. For insurance of assets, we have
to contact the agent of a non-life insurance company and against the
payment of nominal amount of money as premium every year, we can
insure our computer and other assets.

iii) Free from dust Cleaning CPU cabinet

Often dust build-up occurs in
computer case fans, inside the
power supply or CPU cooler.
When CPU cooler fails to
spin because of dust build-up,
processor can over heat and
become damaged. If power supply

77 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

fan blows, this can become a serious fire hazard because of the heat
being generated. These components need to be maintained for safety
on a regular basis. So, the compute room has to be absolutely free from
dust and air-pollution.

iv) Fire Extinguisher

Install fire extinguishers in the computer
room. In case of fire, we can extinguish the
fire quickly and minimize damage.

v) Theft fire extinguishers

The computer room should have physical
security with proper locking system, controlled access of authorized
persons only by having human guard or biometric machine.

vi) Air condition system

When the computer system is used Air Condition System
for a long time, it becomes heated. If
the computer system room contains
servers and other devices that have
to do extensive processing, we should
consider installing air conditioning
system in the room. The air condition
system helps to reduce the room
temperature.

vii) Power protection device

Have reliable electric system – cable, switches in the computer room,
checking and replacing them regularly.

Use voltage stabilizers, spike controllers or Uninterruptible Power
Supplies (UPS) to avoid irregular electric supplies like high voltage,
fluctuating voltage, or power cuts.

Frequent power cuts may not only cause damage to the computer hardware
but also cause data loss that we are currently working on. For example, if we are
working on the text file or graphics for an hour and have not saved the work and
power gets cut, we lose that data. A UPS is a device which has a battery backup in
it which is charged when there is power in the mains and automatically switches
to the battery power when the mains gets cut off and thus helps to prevent the

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 78

Vedanta Let’s Log in Computer Science | Book 10
computer from being turned off at the time of power cut and save our data that
we are working. It also protects accidental damage (file being corrupt) of program
or data file. In the other hand, we also have to make a habit of frequently and
regularly saving our work.

UPS

Surge Arrester Industrial Surge
Protection

Back-UPS Power Surge

AC Power Protection Power protection devices

POINTS TO REMEMBER

Nowadays, we can copy important data into online storage devices which is also
called cloud storage.
Phishing is the fake attempt to obtain sensitive information.
Keylogger is hardware or software for recording the keys pressed on a keyboard.
A computer hacker is any skilled computer expert who uses technical knowledge to
overcome a problem.
White hats are hackers who work to keep data safe from other hackers by finding
system vulnerabilities.
Black hats or crackers are hackers with malicious intentions. They often steal and
sell data.
Grey hats include those who hack for fun or to troll.
Malicious code is the kind of harmful computer code or web script designed to create
system vulnerabilities.

79 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Authentication system is the process of identifying an individual usually based on a
username and password.

A password is a memorized secret used to confirm the identity of a user.

Biometric verification is uniquely identified by evaluating one or more distinguishing
biological traits.

A firewall is the network security systems that monitors and controls the traffic flow
between the Internet and private network.

Cryptography is the study of secure communications techniques that allow only the
sender and intended recipient of a message to view its contents.

The term is derived from the Greek word “ kryptos”, which means hidden.

Encryption is the technology to encode file or message.

The conversion of encrypted data into its original form is decryption.

Malware is short for malicious software, and is a general term used to describe all of
the viruses, spyware, worms, adware, nagware, trojan.

Spyware is any software installed on your PC that collects your information without
your knowledge

Adware is a software application used by companies for marketing purposes

Day by day new viruses developed which has different effects and symptoms.

Computer viruses can spread through many different source or media.

The computer virus is small destructive program whose intension is harms computer
software and data.

Some viruses produce unnecessary messages on the screen, some virus hide files,
some virus corrupt files and programs, some virus reduce memory size, etc.

Computer viruses can spread from one computer to other computers through many
different media or sources.

To make computer system free from viruses, antivirus software is used.

Antivirus software is a type of program designed to detect and remove viruses from
computer system.

Backup is the system of copying data and programs into another location or creating
duplicate copy of it’s in a secured place.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 80

Vedanta Let’s Log in Computer Science | Book 10

xercise

1. Answer the following questions:
a. Define computer security.
b. What is hardware security?
c. What is data and information security?
d. List some points how we can protect our data.
e. What is a backup? Why is backup vital to computer security system?
f. Write down any six possible threats to computer security.
g. What is password? Why is password used in a computer?
h. Define Encryption and Decryption.
i. Briefly explain how public key cryptography works.
j. What are the security threats? Explain in brief any two.
k. How would you protect against a Denial of Service attack?
l. Who are the White hats hackers? What do they do?
m. Who is Grey hat hacker?
n. What are malicious codes?
o. What is malware and how can we protect it?
p. Define antivirus software with four examples.
q. Why is a computer with anti-virus software protected from viruses?
r. Define Firewall with examples.
s. What is biometric verification?

81 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

t. How do biometric devices help improve security?
u. Write down any four preventive measures of computer hardware security.
v. Point out any four computer software security measures.
w. What is power protection device? Write its role in the computer security.
x. Why is it important to protect computer system from dust?
y. When is it especially important to use a firewall?

2. Match the Following: Group B
I. i. Duplicate copy of data
Group A ii. Secret word or phrase
a. Password iii. Authentication
b. Encryption iv. Scrambled and unreadable form of information
c. Backup v. Rearrangement of fragmented file
d. Access Control
i. Software that prevent gaining access
II. ii. Malware
a. Antivirus iii. Security threats
b. Keylogger iv. Software to remove malicious programs
c. Trojan v. Duplicating disk
d. Firewall

3. Give appropriate technical terms of the followings:
a) The hardware or software for recording the keys pressed on a keyboard
b) The skilled computer expert who uses technical knowledge to overcome a problem

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 82

Vedanta Let’s Log in Computer Science | Book 10
c) The kind of harmful computer code or web script designed to create system vulnerabilities
d) A process of performing variety of tech-enabled activities via virtual communities and
network
e) A small destructive program whose intention is harms computer software and data
f) The uniquely identified by evaluating one or more distinguishing biological traits
g) The process of identifying an individual usually based on a username and password
h) The network security systems that monitors and controls the traffic flow
i) A memorized secret used to confirm the identity of a user
j) Law that governs the legal issues of cyberspace
k) The fake attempt to obtain sensitive information
l) The technology to encode file or message

Project Work

1. Prepare a presentation on the topic “Some measures to Protect from Threats" and
present in your class.

2. Given the shift toward m-commerce, make a search for m-commerce (or mobile
commerce) crime. Identify and discuss the security threats this type of technology
creates. Prepare a presentation outlining your vision of the new opportunities for
cybercrime that m-commerce may provide.

3. Prepare a presentation file on a topic “Different types of Malware” and present in your
class.

83 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Unit E-Commerce

1.4

Introduction

The use of the internet, the web, and mobile apps and browsers running on electronic
devices to transact business can be termed as e-commerce. In other words,
e-commerce can be defined as digitally enabled commercial transactions between
and among organizations and individuals. Digitally enabled transactions include
(buying, selling, and exchanging of goods) all transactions mediated by digital
technology over the internet, the web, and/or via mobile devices. Commercial
transactions involve the exchange of value (e.g., money) across organizational
or individual boundaries in return for products and services. If you are buying
any goods or services from a website or paying your electricity bills, or topping up
your mobile balance via mobile app, these are the some of the common examples of
e-commerce. If a business is buying raw materials or services from other businesses
then it is also referred to as e-commerce transaction.

Technology behind e-commerce: the Internet, web, and mobile platform

The technological drive behind e-commerce are the Internet, the Web, and
increasingly, the mobile platform. The internet is a worldwide network of
computer networks built on common standards. Created in the late 1960s to
connect a small number of mainframe computers and their users, the Internet has
since grown into the world’s largest network. It is impossible to say with certainty
exactly how many computers and other mobile devices such as smartphones and
tablets are connected to the Internet worldwide at any one time, but some experts
estimate the number to be more than 5 billion (Camhi, 2015).
The Internet links businesses, educational institutions, government agencies, and
individuals together, and provides users with services such as e-mail, document
transfer, shopping, research, instant messaging, music, videos, and news.
The World Wide Web (the Web) is an information system that runs on the Internet
infrastructure. The Web was the original “killer app” that made the Internet
commercially interesting and extraordinarily popular. The Web provides access
to billions of web pages indexed by Google and other search engines. These pages
are created in a language called HTML (HyperText Markup Language). HTML
pages can contain text, graphics, animations, and other objects. The internet prior

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 84

Vedanta Let’s Log in Computer Science | Book 10

to the Web was primarily used for text communications, file transfers, and remote
computing. The Web introduced far more powerful and commercially interesting
capabilities of direct relevance to commerce. In essence, the Web added color,
voice, and video to the Internet, creating a communications infrastructure and
information storage system that rivals television, radio, magazines, and libraries.
The mobile platform is the newest development in Internet infrastructure. The
mobile platform provides the ability to access the Internet from a variety of
mobile devices such as smartphones, tablets, and other ultra-lightweight laptop
computers via wireless networks or cell phone service. Mobile devices are playing
an increasingly prominent role in Internet access. In the early years of e-commerce,
the Web and web browsers were the only game in town. Today, in contrast, more
people access the Internet via a mobile app than by using a desktop computer and
web browser.

Traditional Commerce vs. E-Commerce

As we know, e-commerce is completely works in a digital and an online mode
whereas traditional commerce is done offline and through in person or face to face.

Similarities Traditional Commerce
E-Commerce
a) Both want to make profit
b) Both aim at delivering a high-quality

product or service
c) Both want to serve a large number of

customer
d) Both try to quickly deliver products

and services

Differences

a) E-commerce customers expect shorter
fulfillment time.

b) E-commerce customers must understand
Web-based technologies.

c) E-commerce provides a global audience.
d) Orders in e-commerce processed without

human interaction or travel to a store
location

85 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Major Trends in E-Commerce

From the perspective of business, one of the most important trends to note is that
all forms of e-commerce continue to show very strong growth. Retail e-commerce
has been growing at double-digit rates for the last few years. Social networks such
as Facebook, Pinterest, and Instagram are enabling social e-commerce by
providing advertising, search, and Buy buttons that enable consumers to actually
purchase products. Local e-commerce is being worked by the explosion of interest
in on-demand services such as Uber and Airbnb.

E-commerce Org. in Nepal

From a technology perspective, the mobile platform based on smartphones and
tablet computers has finally arrived with a bang, driving astronomical growth in
mobile advertising and making true mobile e-commerce a reality. The use of
mobile messaging services such as Messenger, WhatsApp and Viber have created
an alternative communications platform that are beginning to be leveraged for
commerce as well. Cloud computing is inextricably linked to the development of
the mobile platform by enabling the storage of consumer content and software on
cloud (Internet-based) servers, and making it available to mobile devices as well
as desktops.
The Internet and mobile platform provide an environment that allows millions
of people to create and share content, establish new social bonds, and strengthen
existing ones through social network, photo- and video-posting, and blogging sites
and apps, while at the same time creating significant privacy issues.

Benefits and Limitations of E-Commerce

It liberates the market from being restricted to a physical space and makes it
possible to shop from your desktop, at home, at work, or even from your car, using

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 86

Vedanta Let’s Log in Computer Science | Book 10
mobile e-commerce. From a consumer point of view, it reduces transaction costs—
the costs of participating in a market. To transact, it is no longer necessary that
you spend time and money traveling to a market.
E-commerce technology permits commercial transactions to cross cultural, regional,
and national boundaries far more conveniently and cost-effectively than is true in
traditional commerce. As a result, the potential market size for e-commerce
merchants is roughly equal to the size of the world’s online population. More
realistically, the Internet makes it much easier for startup e-commerce merchants
within a single country to achieve a national audience than was ever possible in
the past.
With e-commerce technologies, it is possible for the first time in history to easily
find many of the suppliers, prices, and delivery terms of a specific product anywhere
in the world, and to view them in a coherent, comparative environment.
E-commerce technologies have the potential for offering considerably more
information richness than traditional media such as printing presses, radio, and
television because they are interactive and can adjust the message to individual
users. Chatting with an online sales person, for instance, comes very close to the
customer experience in a small retail shop.
E-commerce technologies allow for interactivity, meaning they enable two-
way communication between merchant and consumer and among consumers.
Traditional television or radio, for instance, cannot ask viewers questions or enter
into conversations with them, or request that customer information be entered
into a form. Interactivity allows an online merchant to engage a consumer in ways
similar to a face-to-face experience. Comment features, community forums, and
social networks with social sharing functionality such as Like and Share buttons
all enable consumers to actively interact with merchants and other users.
E-commerce technologies reduce information collection, storage, processing, and
communication costs. At the same time, these technologies greatly increase the
currency, accuracy, and timeliness of information—making information more
useful and important than ever. As a result, information becomes more plentiful,
less expensive, and of higher quality.
E-commerce technologies permit personalization: merchants can target their
marketing messages to specific individuals by adjusting the message to a person’s
name, interests, and past purchases.

87 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

E-Commerce Practices in Nepal

E-Commerce is growing in Nepal despite some challenges like difficult terrain and
lack of street addresses, limited access to e-payment services and transfers from
e-banking.

There are a handful of websites that offer e-commerce for consumers in Nepal,
although most of these are traditional retailers that offer delivery services for their
products ordered online. An online food delivery website ‘www.foodmandu.com’ is
popular with both expatriates and local residents. SastoDeal and Daraz are rising
online shopping portals ‘www.sastodeal.com, www.daraz.com’. There are other
websites that offer eCommerce services which includes www.muncha.com, www.
bhatbhateni.com, www.hamrobazar.com, eSewa, Khalti, www.onlinekhabar.com.
These sites are generally used to send gifts during religious festivals – frequently
by overseas Nepalis – and delivery of goods is done primarily within Nepal.

Benefits and Limitations of E-Commerce

E-Commerce and its associated technology have brought about many changes in
our daily lives. We do not need to spend the whole day to pay electricity bill. Now,
we can do this just within a minute. We do not need to bargain at shops. We can
compare the prices in different e-commerce sites and choose the best one.

Advantages of E-Commerce

i. Faster buying/selling procedure, as well as easy to find products.
ii. Buying/selling anytime and anywhere
iii. As there are no any geographical limitations, can deliver service globally
iv. Low operational costs
v. No need of physical company set-ups
vi. Easy to start and manage a business
vii. Customers can review the comments and compare in different sites without

moving around physically

Limitations of E-Commerce

Though E-Commerce has many benefits, it also has some limitations which are
listed below:

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 88

Vedanta Let’s Log in Computer Science | Book 10

i. Lack of personal touch. We cannot touch the goods physically
ii. We cannot do any transaction without Internet access device. So, it is heavily

dependent on Internet technologies
iii. Not all the goods can be purchased online
iv. Easy to set up so anyone can start e-commerce site. We need to be careful

about the quality of product and service delivery
v. Security issues of customer’s information
vi. Technical failures can cause unpredictable effects on the total processes

Types of E-Commerce

There are a number of different types of e-commerce and many different ways to
characterize them. For the most part, we distinguish different types of e-commerce
by the nature of the market relationship—who is selling to whom. Mobile, social,
and local e-commerce can be looked at as subsets of these types of e-commerce.

1. Business-to-Consumer (B2C) e-commerce

The most commonly discussed type of e-commerce is business-to-consumer
(B2C) e-commerce, in which online businesses attempt to reach individual
consumers. B2C e-commerce includes purchases of retail goods, travel and other
types of services, and online content. Amazon.com, bhatbhatenionline.com, daraz.
com.np are a good example of B2C e-commerce.

Business
Organization

GDoeolidves/rSyervices Order
Processing

Customer Orders E-Commerce Site
Goods/Services

Business-to-Consumer (B2C)

89 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

2. Business-to-Business (B2B) e-commerce

Business-to-business (B2B) e-commerce, in which businesses focus on selling
to other businesses. Individual customer cannot buy from this type of e-commerce.

Business
Organization

GDoeolidves/rSyervices Order
Processing

Wholesaler Orders E-Commerce Site
Goods/Services
Sells

Customer

Business-to-Business (B2B)

In this model, the product is first sold to wholesaler who then sells the product to
the final customer. As an example, a wholesaler places an order from a company's
website and after receiving the consignment, sells the end product to final customer
who comes to buy the product at wholesaler's retail outlet. Alibaba.com is a good
example of B2B e-commerce.

3. Consumer-to-Consumer (C2C) e-commerce

Consumer-to-consumer (C2C) e-commerce provides a way for consumers to
sell to each other, with the help of an online market maker (also called a platform
provider) such as the classifieds site hamrobazar.com, or on-demand service
companies such as Tottle, Pathao, FoodMario are the good example of C2C website
in Nepal. In C2C e-commerce, the consumer prepares the product for market, places
the product for auction or sell their assets like residential property, cars, bike,
etc. and relies on the market maker to provide catalog, and transaction-clearing
capabilities so that products can be easily displayed, discovered, and paid for. For

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 90

Vedanta Let’s Log in Computer Science | Book 10

this all website may or may not charge the consumer for its services. Another side
the consumer may opt to buy the product of the first customer by viewing the post
on the website.

E-Commerce
Site

Wants to sell products Wants to buy products

Customer 1 Receives products Customer 2

Receives money Khalti (Digital Wallet)
Consumer-to-Consumer (C2C)

Mobile E-Commerce (m-commerce)

Mobile e-commerce (m-commerce) refers to the use
of mobile devices to enable online transactions.
M-commerce involves the use of cellular and wireless
networks to connect smartphones and tablet computers
to the Internet. Once connected, mobile consumers
can purchase products and services, make travel
reservations, use an expanding variety of financial
services, access online content, and much more. It is also
known as next-generation e-commerce.

Typical examples of M-commerce are:
a) Purchasing airline tickets
b) Purchasing movie tickets
c) Restaurant / Hotel booking and reservation
d) Top-Up Charges
e) Balance Enquiry
f) Utility Payment
g) Fund Transfer

91 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

After purchasing something from buyer, we need to pay money. Online
payment or E-payment is one of the major component of an e-commerce transaction.
It refers to the payment for buying goods or services through the internet using
different online payment gateway.

Different modes of Electronic Payments

i. Credit Card
ii. Debit Card
iii. Digital Currency (bit coin)
iv. Electronic Fund Transfer (EFT)
v. Digital Wallet
vi. E-Banking

Likewise, different forms of e-payment in Nepal include:

Credit Cards (introduced by Nabil Bank in 1990)
Debit Cards (all commercial banks)
Electronic fund transfers at points of sale
(EFTPOS)
Internet banking (introduced by Kumari Bank
Ltd. in 2002)
Mobile banking (introduced by Laxmi Bank Ltd. in
2004).
Digital Wallet such as e-sewa, Khalti, etc.

M-Commerce (e-sewa)

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 92

Vedanta Let’s Log in Computer Science | Book 10

POINTS TO REMEMBER

E-Commerce refers to the buying and selling of goods and products over computer
communication network such as the Internet.
Technology used in E-Commerce includes E-mail, , Online catalogs and shopping
carts, EDI, Online Payment Gateway, Security tools, network protocol and different
web services.
The three basic types of E-Commerce models are Business-to-Consumer (B2C),
Business-to-Business (B2B), and Consumer-to-Consumer (C2C).
Business-to-Consumer is conducted between merchant companies and individual
consumers. This is the most common e-commerce type.
Business-to-Business (B2B) e-commerce is conducted between companies.
Individual customer cannot buy from this type of e-commerce.
Consumer-to-Consumer (C2C) e-commerce platform provides opportunities for
individual consumers to buy or sell goods or services online.
M-Commerce refers to the process of buying and selling of goods and services
through smart phones, tablets or personal digital assistants (PDAs).
Online payment refers to the payment for buying goods or services through the
Internet using different online payment gateway.

93 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

xercise

1. Answer the following questions:
a) Define E-Commerce. Explain advantages and disadvantages of E-Commerce.
b) What are the features of E-commerce?
c) Difference between E-commerce and Traditional Commerce?
d) Mention the benefits and limitations of E-Commerce.
e) Explain the different types of E-Commerce.
f) Briefly the B2C business model?
g) What is M-Commerce? Give some examples.
h) What is Online Payment? Write the different forms of e-payment in Nepal.
i) What are the different e-commerce business models?

2. Write the full form of:

a) EDI b) B2C c) B2B
f) PDA
d) C2C e) M-Commerce i) EFTPOS

g) EFT h) CoD

3. Write short notes on:
a) Online Payment
b) Traditional Commerce vs. E-Commerce

Activities

1. Prepare a presentation file on a topic the “Current trends of E-Commerce in Nepal”
and present in your class as a group work.

2. Prepare a presentation on different types of services provided by digital wallet service
providers available in Nepal.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 94

Vedanta Let’s Log in Computer Science | Book 10

3. Examine the experience of shopping online versus shopping in a traditional environment.
Imagine that you have decided to purchase a digital camera (or any other item of your
choosing). First, shop for the camera in a traditional manner. Describe how you would
do so (for example, how you would gather the necessary information you would need
to choose a particular item, what stores you would visit, how long it would take, prices,
etc.). Next, shop for the item on the Web or via a mobile app. Compare and contrast
your experiences. What are the advantages and disadvantages of each? Which do you
prefer and why?

4. Explore the following e-commerce sites and browse the different parts and prepare a
small report.

a) esewa.com.np b) Pathao c) FoodMario

d) 1ropani.com e) gharbanau.com f) Amazon.com

g) Ebay.com h) Flipcart.com i) Snapdeal.com

j) sastodeal.com k) hamrobazaar.com l) trivago.com

95 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Unit Contemporary

1.5 Technology

Introduction

Technology is evolving every day. We hear news about new technologies being
used in many parts of the world. Some of these computing technologies have
been so much integrated into our society and businesses that we cannot imagine
life without them. Services like E-mail, chatting, social network, e-commerce,
on-demand videos are examples of such technologies. Behind all these services,
there are many integrated technologies working together like Cloud Computing,
Artificial Intelligence, Virtual Reality, IoT, Big data, etc.

Cloud Computing

Cloud computing is the delivery of computing services—including servers, storage,
databases, networking, software, analytics, and intelligence—over the Internet
(“the cloud”) to offer faster innovation, flexible resources, and economies of scale.
You typically pay only for cloud services you use, helping lower your operating
costs, run your infrastructure more efficiently, and scale as your business needs
change.

Cloud Computing

Companies like Amazon AWS, Microsoft Azure, iCloud, Google Cloud, IBM Cloud,
VMware Cloud, Oracle Cloud and Alibaba Cloud are providing very large server

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 96

Vedanta Let’s Log in Computer Science | Book 10

farms and data centers over the internet to their customers, who pay only for the
resources they use. These companies that provide cloud computing services are
called a cloud service provider.
As organizations using public cloud services do not own infrastructure, they do not
have to make a large investment in their own hardware and software. Public clouds
are ideal for small and medium-sized businesses who cannot afford to fully develop
their own infrastructure for applications requiring high performance, scalability,
and availability.
Cloud service providers typically charge for their services based on usage, similar
to how we paid the bill for water, electricity, telephone at home. Gmail, Facebook,
YouTube, PUBG Game and many other web-based services you are using these
days are hosted on the cloud. Millions of users can simultaneously use this type of
services that are hosted on the cloud.

Benefits of cloud computing

1. Cost

Cloud computing eliminates the capital expense of buying hardware and
software and setting up and running on-site datacenters—the racks of servers, the
round-the-clock electricity for power and cooling, the IT experts for managing the
infrastructure. It adds up fast.

2. Speed

Most cloud computing services provide self-service and on-demand service.
So, even vast amounts of computing resources can be provisioned in minutes,
typically with just a few mouse clicks, giving businesses a lot of flexibility and
taking the pressure off capacity planning.

3. Global scale

The benefits of cloud computing services include the ability to scale elastically.
Cloud speak means delivering the right amount of IT resources—for example, more
or less computing power, storage, bandwidth—right when it is needed and from the
right geographic location.

4. Performance

The benefits of cloud computing services include the ability to scale elastically.
It delivery the right amount of IT resources—for example, more or less computing

97 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10
power, storage, bandwidth—right when it is needed and from the right geographic
location.

5. Security

Many cloud providers offer a broad set of policies, technologies, and controls
that strengthen your security posture overall, helping protect your data, apps and
infrastructure from potential threats.

6. Productivity

On-site datacenters typically require a lot of “racking and stacking”—
hardware setup, software patching, and other time-consuming IT management
tasks. Cloud computing removes the need for many of these tasks; so, IT teams can
spend time on achieving more important business goals.

7. Reliability

Cloud computing makes data backup, disaster recovery, and business
continuity easier and less expensive because data can be mirrored at multiple
redundant sites on the cloud provider’s network.

Examples of Services over Cloud Microsoft Office 365
Google Drive
Microsoft Office 365

Internet versions of Word, Excel, PowerPoint, and
OneNote accessed via your Web browser without installing
anything.

Google Drive

This is a pure cloud computing service, with all the
storage found online. So, it can work with the cloud apps:
Google Docs, Google Sheets, and Google Slides. Google Drive
is also available on more than just desktop computers; you
can use it on tablets like the iPad or on smartphones, and
there are separate apps for Docs and Sheets as well. Most
of Google's services could be considered cloud computing:
Gmail, Google Calendar, Google Maps, and so on.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 98

Vedanta Let’s Log in Computer Science | Book 10 Apple iCloud

Apple iCloud

Apple's cloud service is primarily used for online
storage, backup, and synchronization of your mail, contacts,
calendar, and more.

Types of cloud computing

Types of Cloud Computing

Public Private Hybrid

Not all clouds are the same and not one type of cloud computing is right for
everyone. Several different models, types and services have evolved to help
offer the right solution for your needs.

Public cloud

Public clouds are owned and operated by a third-party cloud service
providers, which deliver their computing resources like servers and storage
over the Internet. Microsoft Azure, Amazon Web Services and Google
Cloud are an example of public cloud. With public cloud, all hardware,
software, and other supporting infrastructure are owned and managed by
the cloud provider. You access these services and manage your account
using a web browser.

Private cloud

A private cloud refers to cloud computing resources used exclusively by
a single business or organisation. A private cloud can be physically located
on the company’s on-site data center. Some companies also pay third-party
service providers to host their private cloud. A private cloud is one in which
the services and infrastructure are maintained on a private network.

99 Approved by Curriculum Development Centre, Sanothimi, Bhaktapur

Vedanta Let’s Log in Computer Science | Book 10

Hybrid cloud

Hybrid clouds combine public and private clouds, bound together by
technology that allows data and applications to be shared between them. By
allowing data and applications to move between private and public clouds, a
hybrid cloud gives your business greater flexibility, more deployment options
and helps optimise your existing infrastructure, security, and compliance.

Types of cloud computing services

1. Infrastructure as a Service (IaaS)

This is the most basic category of cloud computing services. With IaaS,
you rent IT infrastructure—servers and virtual machines (VMs), storage,
networks, operating systems—from a cloud provider on a pay-as-you-go
basis. Rackspace, Amazon Web Services (AWS), Microsoft Azure, Google
Compute Engine (GCE) are some popular examples of IaaS.

2. Software as a Service (SaaS)

Software as a service is a method for delivering software applications over
the Internet, on-demand and typically on a subscription basis. With SaaS, cloud
providers host and manage the software application and underlying infrastructure
and handle any maintenance, like software upgrades and security patching. Users
connect to the application over the internet, usually with a web browser on their
phone, tablet or PC. Services like Gmail, Google Drive, Salesfore.com, very popular
Customer Relationship Management Software (CRM), and Office 365 are some of
the examples of SaaS.

3. Platform as a Service (PaaS)

Platform as a service refers to cloud computing services that supply an on-
demand environment for developing, testing, delivering and managing software
applications. PaaS is designed to make it easier for developers to quickly create
web or mobile apps, without worrying about setting up or managing the underlying
infrastructure of servers, storage, network and databases needed for development.
Google App Engine and IBM provides Bluemix for software development and
testing on its cloud.

Approved by Curriculum Development Centre, Sanothimi, Bhaktapur 100