Component 1 : OCR J277 Computer Science
Component 1 : OCR J277 Computer Science
1.4 Network security
1.4 Network security
1. Malware
Malicious software designed to harm or exploit computer systems.
Example: Viruses, worms, Trojans, ransomware.
Can spread through various means, including email attachments, infected websites, or removable media.
Can cause data loss, system crashes, or unauthorised access to sensitive information.
❌✅ Misconceptions
❌ Only affects Windows computers
✅ Malware can target any operating system, including macOS, Linux, and even mobile devices.
2. Social Engineering
Information: Manipulating people to divulge confidential information or perform actions that compromise security.
Example: Phishing emails, pretexting, baiting.
🗝️ Key points to remember
Exploits human psychology, often relying on trust, fear, or curiosity.
Can be difficult to detect, as it often involves seemingly legitimate requests or interactions.
❌✅ Misconceptions
❌ Only affects naive or inexperienced users
✅ Even tech-savvy individuals can fall victim to well-crafted social engineering attacks.
3. Brute-force Attacks
Trying every possible combination of characters to crack passwords or encryption keys.
Example: Guessing a password by systematically trying all possible letter, number, and symbol combinations.
🗝️ Key points to remember
Can be time-consuming, but with enough computing power, can eventually succeed.
Strong passwords and encryption algorithms are essential defences against brute-force attacks.
❌✅ Misconceptions
❌ Only affects weak passwords
✅ While weak passwords are more vulnerable, even strong passwords can be cracked given enough time and resources.
4. Denial of Service (DoS) Attacks
Overwhelming a system or network with traffic to make it unavailable to legitimate users.
Example: Flooding a website with requests so that it becomes slow or unresponsive.
🗝️ Key points to remember
Can disrupt critical services and cause financial losses.
Distributed Denial of Service (DDoS) attacks involve multiple sources, making them harder to mitigate.
❌✅ Misconceptions
❌ Only large organisations are targeted
✅ DoS attacks can affect any system connected to the internet, including individuals and small businesses.
5. Data Interception and Theft
Unauthorised access and acquisition of sensitive data.
Example: Eavesdropping on network traffic, stealing data from databases, or intercepting emails.
🗝️ Key points to remember
Can result in identity theft, financial fraud, or loss of intellectual property.
Encryption and secure data storage practices are crucial for protecting against data interception and theft.
❌✅ Misconceptions
❌ Only affects data in transit
✅ Data at rest (stored on devices or servers) is also vulnerable to theft.
6. SQL Injection
Exploiting vulnerabilities in web applications to execute malicious SQL commands.
Example: Injecting code into a web form to retrieve sensitive data from a database.
🗝️ Key points to remember
Can allow attackers to access, modify, or delete data in a database.
Proper input validation and parameterised queries are essential for preventing SQL injection attacks.
❌✅ Misconceptions
❌ Only affects outdated or poorly designed web applications
✅ Even modern applications can be vulnerable if not properly secured.
These are strategies and tools used to protect computer systems and networks from unauthorized access, attacks, and data breaches.
1. Penetration Testing
Authorised simulated attacks on a system to identify vulnerabilities before malicious hackers can exploit them.
Example: Hiring ethical hackers to attempt to breach your network and report their findings.
🗝️ Key points to remember
Proactive approach to security, uncovering weaknesses before they're exploited.
Can be expensive and time-consuming.
2. Anti-malware Software
Software designed to detect, prevent, and remove malicious software from computer systems.
Example: Antivirus software, anti-spyware software.
🗝️ Key points to remember
Essential for protecting against various types of malware.
Requires regular updates to stay effective against new threats.
3. Firewalls
Network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules.
Example: A hardware firewall device or software firewall installed on a computer.
🗝️ Key points to remember
Acts as a barrier between your network and the internet, blocking unauthorized access.
Can be configured to allow or deny specific types of traffic.
4. User Access Levels
Assigning different levels of access privileges to users based on their roles and responsibilities.
Example: Administrators have full access to a system, while regular users have limited access.
🗝️ Key points to remember
Limits potential damage from unauthorised access or accidental actions.
Prevents users from accessing or modifying data they shouldn't.
5. Passwords
Secret combinations of characters used to authenticate users and control access to systems and data.
Example: Creating a strong password for your email account.
🗝️ Key points to remember
First line of defense against unauthorised access.
Should be complex, unique, and changed regularly.
6. Encryption
Converting data into an unreadable format to protect its confidentiality.
Example: Encrypting sensitive files stored on your computer.
🗝️ Key points to remember
Ensures that even if data is stolen, it remains unreadable without the decryption key.
Can be used for data at rest (stored) or data in transit (transmitted).
7. Physical Security
Protecting physical access to computer systems and network equipment.
Example: Locking server rooms, using security cameras, and controlling access to buildings.
🗝️ Key points to remember
Prevents unauthorized individuals from physically tampering with or stealing equipment.
Often overlooked, but crucial for overall security.
❌✅ Misconceptions
❌ One method is enough
✅ A layered approach combining multiple prevention methods is essential for effective security.
❌ Security is a one-time task
✅ Security is an ongoing process that requires constant vigilance and adaptation to new threats.