The Internet:  domains, viruses, worms, and firewalls


1) Domains.  Basically, a domain on the internet is a site that (usually) manages a LAN.  Think of http://www.cs.utk.edu, and think also of snarf@cs.utk.edu.  cs.utk.edu  is the domain here.  On your PC, go to the start menu, select run, type cmd (for command).  This brings up an old DOS-style window with a ">" prompt.  At this prompt you can do >ipconfig /all   this shows your computer's IP address, your DNS (domain name server), etc.  You can also type >nslookup  www.cs.utk.edu   and >nslookup  cs.utk.edu.  Doing the former shows that www.cs.utk.edu has IP address 160.36.56.64, and doing the latter shows 160.36.56.56.  All UTK hosts have IP addresses starting with 160.36.  All Computer Science hosts have IP addresses that start with 160.36.56, 57, 58, and 59:  CS is a subnet of the large UTK LAN, and might also be considered a subdomain.  If you try nslookup utk.edu you get 160.36.178.162, and nslookup web.utk.edu gives you 160.36.178.56.  The overall domain is utk.edu, and UTK addresses start with 160.36.  160.36.178.62  is the IP address of a particular host in the UTK LAN:  160.36.178.56 is the address of a different host--the main web server for UTK.  The main CS server is 160.36.56.56--
this is where email gets sent.  The CS web server is at 160.36.56.64--a different host.  crux6 in the crux lab is 160.36.56.125, crux7 is at
160.36.56.126, etc.  Each host has its own IP address.  Other domains include www.wikipedia.org (66.230.200.100), www.gigli.com is at 208.73.212.12, etc  To help organize things, you'll see .com, .org, .gov, .edu, .uk (united kingdom), .in (india), etc.

Now consider http://accounts.utk.edu/uact/default.html (the OIT account manager interface that gets you to the web management page).  utk.edu is the domain, and accounts.utk.edu (160.36.178.165) is the host server on UTK's LAN.  On this host, uact is a folder (very much like your lab6, etc folders), and default.html is an individual file within that folder.  You can have multiple levels of folders,
just like the lab6 folder in your cs100 folder, etc.  So at the OIT site above, if you click on manage your website, you get to a login page, and this is at http;://accounts.utk.edu/cgi-bin/uact/(more stuff)..  so that uact is a folder within the cgi-bin folder, etc.

A DNS (Domain Name Server) can be thought of as a kind of a database that keeps track of hosts within a domain--it knows the aliases (e.g. crux7.cs.utk.edu) and their equivalent IP addresses.  Think of it like Google or like dialing 411 for informational lookups.  Your PC has a small cache of known IP addresses, so it can remember some things.  But it's still a cache, and cannot hold millions of IP addresses and their aliases, and so when you ask your PC for an alias it doesn't know (www.showgirls.com) your PC then sends a query to its DNS (remember above, the ipconfig /all command showed where your PC's DNS is at) and your DNS will send your PC the IP address (216.21.229.197) so that your browser can send packets over the internet to that site.  If your DNS doesn't know the answer (it cannot know all addresses in the world) it queries higher-level DNS's and eventually gets the answer, which it sends along to your PC.
--------------------------------------------------------
2) Viruses and worms.  The distinction can be a little fuzzy, and virus is often used as a generic term.  If you've seen vampire movies, you know that for a vampire to get into a house, it must be invited in--it looks charming and acts friendly, but once you let it in, it bites you.  Viruses have to be invited in as software.  They typically arrive through software on flash drives, floppies, CDs or DVDs, and (most commonly) via the internet.  You'll get email with a friendly-sounding attachment that asks you to open the file--to run it.  Then your computer gets infected.  A worm, on the other hand, can get in without your invitation.  A trojan horse is a worm that
is also like a virus--it requires some action on your part to infect your computer.   For example--recently one of the devious internet schemes would say something such as "A family member has sent you an e-card!  Go to the following web site to view your card...."  If you went to that site your computer might usually block the infected file from downloading.  In that event this devious software would say "You need to upgrade your browser!  Do the following..."  which disabled the blocking software and then let you bring the
trojan horse in.  The people of Troy had to open their gates and drag the horse full of Greeks into the city for the ploy to work.  So you were not simply running a file--which is how you get viruses, but you were disabling the blocking software.

Antivirus programs (which are also usually antiworm as well) do their best to protect your computer.  But the antivirus sites are not
completely up to date--someone has to see that there is a problem, figure out what the problem is, see the footprints or characteristics  of the worm or virus, update the antivirus site, and then the antivirus software on your PC must download the antivirus update, and by that time you could already be infected.  Not all antivirus sites are equally effective, and at any given time there will usually be worms or viruses that are listed on some antivirus sites but not on others.  People have to write patches that will let you disinfect your computer as well.

------------------------------------------------------
3) firewalls.  In brief, a firewall is a barrier between your computer and the network.  The goal is to protect your computer from intrusion, worms, etc.  Remember that when you're connected to the internet, packets can and do go in both directions--into your PC from the internet as well as from your PC to the internet.  Remember also that you can set your PC up as a server so that people on the outside can connect in--not a very good idea!  Your PC has what are called PORTS.    Port 80 is for http--web browsing.  Port 22 is the SSH (secure shell) connection, etc.  When your PC is connected to the internet, outside hosts are very often trying to get in.  Sometimes these are relatively harmless--things like cookies that want to gather information, some of these are not harmless at all.  So firewalls are used to help keep out unwanted visitors.  Firewalls look at the packets leaving and entering your PC, and filter these packets.   NOTE:  worms come in through holes in your system--they do not require action on your part usually (like trojan horses).  Firewalls help prevent these holes being used.  Viruses infect your system when you bring infected software in--through downloading programs, copying a file from someone's flash drive, DVD, or floppy, through clicking to run an e-mailed application, etc.

A simple common example.  Windows has built-in firewalls (which can be turned off).  When you connect to www.newkids.com (208.73.212.12) from your browser, the firewall knows that you yourself are initiating the connection to 208.73.212.12 , and that it's on
 port 80.  The firewall expects to see packets coming back from this adress, and allows those packets through.  But the firewall has not seen you initiate a connection to 199.201.13.3 on port 49, and so is suspicious of incoming packets from that address and refuses to accept them.

If you have a DSL or cable modem, etc, then this is usually acting as another firewall.  A VPN (virtual private network) (see my internet 1 notes) means that on the internet side of the modem you may have IP address 205.23.191.7  and on the PC side the address might be 10.10.3.1.  This means that no host can connect directly to your PC--they have to go through the modem/router and through
a firewall.  As well as getting high-speed connections, this gives an additional layer of protection to you--as long as you don't do things like following the instruction about opening an e-card from a family member, etc.
--------------------------------------
Another example.  Think of your home or apartment or dorm room, etc.  Think of how stuff might get stolen:
1) You have some friends--people you think are your friends--over to visit you.  The next day you discover that someone walked off with your favorite DVDs, silverware, or whatever.  This is a virus-like situation--you invited them in, and one (or more) of them took something.
2) You have some friends over for a visit.  Unlike the above, none of them takes anything, but one of them when you aren't watching unlocks a window or the back door, etc, and someone else then sneaks in and steals something.  This is a trojan horse situation--you invited someone in who disabled you security to allow an open back door into your place.
3) While you're out, or asleep, someone comes quietly around checking to see if any windows are unlatched or any doors are not locked--if they are, that person enters.  This is a worm's way of getting into your system.

Of course in the above, the "worms" are (we hope) not busy replicating.  The point here is that there are different ways in which you can have household items stolen, and different ways of preventing such thefts.