← Back to Course

Network Security

Threats, attacks, and how to defend networks from malicious activity

The Idea

Why Does Network Security Matter?

Every time you log into a school system, make an online purchase, or send a private message, data travels across networks. That data — your passwords, your bank details, your personal photographs, your medical records — is valuable. To you, it is private. To a cybercriminal, it is a target. Network security is the practice of protecting computer networks and the data they carry from unauthorised access, misuse, theft, and damage.

Without network security, anyone could intercept your emails, steal your identity, drain your bank account, or hold your files for ransom. Businesses could lose trade secrets worth millions of pounds. Hospitals could lose access to patient records in a life-or-death situation. Governments could have classified information leaked to hostile nations.

In this topic you will learn:

Key Concept: Network Security Network security refers to the policies, practices, hardware, and software used to protect a computer network and its data from unauthorised access, attacks, and damage. It aims to maintain confidentiality (only authorised people can access data), integrity (data is not tampered with), and availability (systems remain accessible to legitimate users).

Why Is Security So Important?

There are several critical reasons why organisations and individuals must take network security seriously:

Exam Tip When asked “Why is network security important?” give specific reasons with examples. Do not just say “to keep data safe.” Instead, mention protection of personal data (identity theft), financial data (stolen money), business secrets (competitive advantage), legal obligations (GDPR fines), and maintaining public trust. The more specific your answer, the more marks you will earn.
Explore

Types of Attack

Cyber attacks come in many forms. Some target the software on your computer, some exploit human behaviour, and some overwhelm entire servers. Understanding each type of attack is essential for knowing how to defend against it. There are six main categories you need to know for GCSE Computer Science.

1. Malware

Malware (short for “malicious software”) is any software that is intentionally designed to cause damage, steal data, or gain unauthorised access to a system. Malware is an umbrella term that covers several specific types:

Viruses

A virus is a type of malware that attaches itself to a legitimate file or program. It cannot run on its own — it needs a “host” file. When the infected file is opened or executed, the virus activates and can replicate itself by attaching copies to other files on the same computer or files shared across a network. Viruses can corrupt or delete data, slow down systems, and spread to other computers via email attachments, USB drives, or file downloads.

Worms

A worm is similar to a virus but with one crucial difference: it does not need a host file. A worm is a standalone program that can self-replicate and spread across networks automatically, without any human interaction. It exploits vulnerabilities in operating systems or software to move from computer to computer. Worms can consume bandwidth, overload networks, and deliver harmful payloads. Because they spread without needing someone to open a file, worms can infect thousands of machines very rapidly.

Trojans

A Trojan (named after the Trojan Horse from Greek mythology) is malware that is disguised as legitimate, useful software. The user willingly downloads and installs it, thinking it is a game, a utility, or a helpful tool. Once installed, the Trojan performs its hidden malicious purpose — this might include opening a “backdoor” for hackers to access the system, stealing data, or installing additional malware. Unlike viruses and worms, Trojans do not replicate themselves — they rely on tricking the user into installing them.

Ransomware

Ransomware is one of the most devastating types of malware. Once it infects a computer, it encrypts the user’s files (documents, photos, databases — everything), making them completely inaccessible. The attacker then demands a ransom payment (usually in cryptocurrency like Bitcoin, to remain anonymous) in exchange for the decryption key. If the victim does not pay, they may lose their data permanently. Even if they do pay, there is no guarantee the attacker will provide the key.

Spyware

Spyware is malware that secretly monitors the user’s activity and steals data without their knowledge. It can record keystrokes (a “keylogger”), capture screenshots, track browsing history, and harvest login credentials, credit card numbers, and personal information. Spyware often runs silently in the background, making it difficult for the user to know they are being watched.

Common Mistake: Students often confuse viruses and worms. Remember the key difference: a virus needs a host file (it attaches to a legitimate program and activates when that program runs), while a worm is a standalone program that spreads on its own across networks without needing a host. Also remember that Trojans do not replicate — they rely on social engineering to trick users into installing them.

2. Social Engineering

Social engineering attacks exploit human behaviour rather than technical vulnerabilities. Instead of hacking into a system with code, the attacker manipulates people into giving away confidential information or performing actions that compromise security. Social engineering is extremely effective because humans are often the weakest link in any security system.

Phishing

Phishing is the most common form of social engineering. The attacker sends fake emails or creates fake websites that closely mimic legitimate organisations (banks, social media platforms, online retailers, HMRC). The messages typically create a sense of urgency: “Your account has been compromised — click here to verify your identity.” When the victim clicks the link and enters their login credentials or personal information, that data goes directly to the attacker.

Pretexting

Pretexting involves the attacker creating a false scenario (a “pretext”) to trick the victim into revealing information or granting access. For example, an attacker might phone an employee pretending to be from the IT department: “We are performing a security audit and need your password to verify your account.” The attacker builds trust through a convincing story and exploits the victim’s willingness to be helpful.

Baiting

Baiting exploits human curiosity. The attacker leaves an infected USB drive (or other storage device) in a public place — a car park, a reception area, a coffee shop. The drive might be labelled “Confidential” or “Salary Information” to make it irresistible. When a curious person picks it up and plugs it into their computer, malware is automatically installed.

Shoulder Surfing

Shoulder surfing is one of the simplest attacks: the attacker physically watches someone as they type a password, enter a PIN at a cash machine, or log into a system. This can be done in person (standing behind someone at an ATM) or remotely using cameras or binoculars. No technical skill is required — just the ability to look over someone’s shoulder.

Key Concept: Social Engineering Social engineering attacks target people, not technology. They rely on manipulation, deception, and exploiting trust. The best technical security in the world is useless if an employee gives away their password to a convincing phone caller. This is why staff training is such an important part of network security.

3. DDoS (Distributed Denial of Service)

A DDoS attack does not aim to steal data. Instead, its goal is to make a service unavailable by overwhelming a server with an enormous volume of traffic. The attacker uses a botnet — a network of thousands or even millions of compromised computers (often infected with malware without their owners’ knowledge) — to flood the target server with requests simultaneously.

The target server becomes so overwhelmed trying to process the flood of fake requests that it cannot respond to legitimate users. Websites go offline, online services become unusable, and businesses lose revenue for every minute of downtime. Major companies including Amazon, GitHub, and the BBC have all been targets of DDoS attacks.

DDoS attacks are particularly difficult to defend against because the traffic comes from multiple distributed sources (the botnet), making it hard to distinguish malicious requests from legitimate ones and impossible to block a single attacker’s IP address.

4. SQL Injection

SQL injection is an attack that targets websites and web applications that use databases. The attacker enters specially crafted SQL code into web forms (login boxes, search fields, registration forms) instead of normal input. If the website is poorly coded and does not properly validate or sanitise user input, the SQL code is passed directly to the database server and executed.

This can allow the attacker to:

SQL Injection Example 

  Normal login:
    Username: john_smith
    Password: mypassword123

  SQL injection attack:
    Username: ' OR '1'='1' --
    Password: anything

  The injected SQL tricks the database into thinking the
  login is valid, because '1'='1' is always true. The --
  comments out the rest of the original query.

SQL injection exploits poorly written websites that do not validate user input. Well-coded websites use techniques like parameterised queries (also called prepared statements) to ensure user input is treated as data, not as executable SQL code.

5. Brute Force Attack

A brute force attack is a method of cracking passwords by systematically trying every possible combination of characters until the correct password is found. The attacker uses automated software that can test thousands or millions of combinations per second.

For example, if a password is a 4-digit PIN (0000 to 9999), there are only 10,000 possible combinations — a computer can try all of them in seconds. However, a long, complex password with uppercase letters, lowercase letters, numbers, and symbols has so many possible combinations that a brute force attack could take years or even centuries to succeed.

Variations of brute force include dictionary attacks, where the software tries common words and known passwords first (e.g., “password123”, “qwerty”, “letmein”), and credential stuffing, where stolen username-password pairs from one data breach are tried on other websites (exploiting people who reuse passwords).

6. Man-in-the-Middle (MITM) Attack

In a man-in-the-middle attack, the attacker secretly intercepts communication between two parties who believe they are communicating directly with each other. The attacker positions themselves between the sender and receiver, eavesdropping on the conversation and potentially altering the messages being exchanged.

For example, if you connect to an unsecured public Wi-Fi network in a coffee shop, an attacker on the same network could intercept the data passing between your laptop and the Wi-Fi router. They could capture your login credentials, read your emails, or even modify the web pages you see (for example, redirecting you to a fake banking website). The victim has no idea that their communication is being intercepted because everything appears to work normally.

Exam Tip In the exam, you may be given a scenario and asked to identify the type of attack. Look for key clues: fake emails = phishing; self-spreading program = worm; disguised software = Trojan; encrypted files with a ransom demand = ransomware; server overwhelmed by traffic = DDoS; code in a web form = SQL injection; trying every password = brute force; intercepted communication = man-in-the-middle. Practise matching scenarios to attack types.
Understand

Prevention Methods

Now that you understand the threats, you need to know how to defend against them. No single method can protect against all attacks — organisations use a layered approach (sometimes called “defence in depth”) that combines multiple prevention methods to create comprehensive security.

1. Firewalls

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on a set of predefined security rules. It acts as a barrier between a trusted internal network and untrusted external networks (such as the internet).

Firewalls are a first line of defence. They can block many common attacks, but they cannot protect against threats that arrive through legitimate channels (such as a phishing email that passes through the email port).

2. Encryption

Encryption is the process of scrambling data into an unreadable format (ciphertext) so that only someone with the correct decryption key can convert it back to the original readable form (plaintext). Even if an attacker intercepts encrypted data, they cannot understand it without the key.

Encryption is used everywhere: HTTPS websites (the padlock in your browser), email encryption, Wi-Fi passwords (WPA2/WPA3), VPNs, and encrypted messaging apps like Signal and WhatsApp.

3. Authentication

Authentication is the process of verifying the identity of a user before granting them access to a system. There are several methods:

4. Anti-Malware Software

Anti-malware software (often called antivirus software) protects computers by:

5. Access Control

Access control ensures that users can only access the data and resources they are authorised to use:

6. Physical Security

Network security is not just about software. Physical security protects the hardware and infrastructure:

7. Regular Backups

Regular backups protect against data loss from ransomware, hardware failure, natural disasters, or accidental deletion. If files are encrypted by ransomware, a recent backup allows the organisation to restore data without paying the ransom. Backups should be stored in a separate location (offsite or in the cloud) so they are not affected by the same incident. Backups should be performed frequently and tested regularly to ensure they work.

8. Penetration Testing

Penetration testing (pen testing) involves hiring ethical hackers (also called “white hat” hackers) to deliberately attempt to break into an organisation’s network. The goal is to identify vulnerabilities before real attackers find them. The ethical hackers use the same tools and techniques as malicious hackers, but they have permission and report their findings so the organisation can fix the weaknesses. Penetration testing is a proactive measure — it finds problems before they are exploited.

9. Network Policies

Technical measures alone are not enough. Organisations need policies that define rules and expectations for network use:

Important: No single prevention method is sufficient on its own. Organisations must use a layered approach that combines multiple methods. A firewall alone will not stop a phishing attack. Encryption alone will not prevent someone from shoulder surfing your password. Anti-malware alone will not stop a brute force attack. The strongest security comes from combining technical measures (firewalls, encryption, anti-malware) with human measures (training, policies) and physical measures (locked rooms, CCTV).
Understand

Prevention-to-Threat Mapping

The table below shows which prevention methods are most effective against each type of threat. Note that multiple prevention methods are usually needed for each threat — this is the principle of defence in depth.

ThreatPrimary Prevention Methods
Viruses Anti-malware software, regular updates, firewalls, staff training (do not open suspicious attachments), regular backups
Worms Anti-malware software, firewalls (block suspicious network traffic), keeping software updated (patch vulnerabilities), network monitoring
Trojans Anti-malware software, staff training (do not install untrusted software), access control (restrict software installation), download policies
Ransomware Regular backups (most critical), anti-malware software, staff training (recognise phishing), email filtering, keeping software updated
Spyware Anti-malware software, firewalls, access control, regular system scans, staff training
Phishing Staff training (most critical), email filtering, two-factor authentication (limits damage if credentials stolen), checking URLs carefully
Shoulder surfing Physical security (privacy screens, awareness of surroundings), biometric authentication, two-factor authentication
Baiting Staff training, network policies (no unknown USB devices), disabling autorun on USB ports, physical security
DDoS Firewalls, traffic monitoring and filtering, using content delivery networks (CDNs), rate limiting, having excess server capacity
SQL injection Input validation and sanitisation, parameterised queries, penetration testing, keeping web software updated, web application firewalls
Brute force Strong password policies (long, complex passwords), account lockout after failed attempts, two-factor authentication, CAPTCHA
Man-in-the-middle Encryption (HTTPS, VPN), avoiding unsecured public Wi-Fi, certificate verification, two-factor authentication
Exam Tip A common exam question gives you a threat and asks you to recommend two or three appropriate prevention methods. Always explain how each prevention method helps. For example: “To prevent ransomware, the organisation should make regular backups stored offsite so data can be restored without paying the ransom, use anti-malware software to detect and block ransomware before it executes, and provide staff training so employees can recognise the phishing emails that often deliver ransomware.”
Interactive

Test Your Knowledge

Try these interactive exercises to check your understanding of network security. Read each scenario carefully and think before you answer.

Exercise 1: Threat Identifier

Read the attack scenario below and identify what type of attack is being described.

Score: 0 / 0

Exercise 2: Match the Prevention

A threat is shown below. Choose the most effective primary prevention method for this specific threat.

Score: 0 / 0

Exercise 3: Security Concepts Quiz

Test your knowledge of network security concepts with these multiple-choice questions.

Score: 0 / 0
Practice

Practice Questions

Click on each question to reveal the answer. Try to answer in your head or on paper first before checking!

Q1: Define the term “malware” and name four types of malware.

Answer: Malware (malicious software) is any software that is intentionally designed to cause damage, steal data, or gain unauthorised access to a computer system. Four types of malware are: (1) Virus — attaches to legitimate files and replicates when the file is executed; (2) Worm — a standalone program that self-replicates across networks without needing a host file; (3) Trojan — disguised as legitimate software but contains hidden malicious code; (4) Ransomware — encrypts files and demands payment for the decryption key. (Other valid answers: spyware.)

Q2: Explain how a phishing attack works and describe two ways an organisation can protect against it.

Answer: In a phishing attack, the attacker sends fake emails or creates fake websites that mimic legitimate organisations (such as a bank or social media platform). The message typically creates a sense of urgency (e.g., “Your account has been suspended”) and includes a link. When the victim clicks the link and enters their login credentials or personal information, the data is sent to the attacker. Two protection methods: (1) Staff training — educate employees to recognise signs of phishing (suspicious sender addresses, urgency, spelling errors, unexpected links) and never enter credentials via email links. (2) Two-factor authentication (2FA) — even if credentials are stolen, the attacker cannot access the account without the second factor (e.g., a code sent to the user’s phone).

Q3: What is a DDoS attack? Explain how it works and why it is difficult to defend against.

Answer: A DDoS (Distributed Denial of Service) attack aims to make a server or service unavailable by flooding it with an enormous volume of traffic. The attacker uses a botnet — a network of thousands of compromised computers infected with malware — to send millions of requests to the target simultaneously. The server becomes overwhelmed and cannot process legitimate requests, causing the website or service to go offline. DDoS attacks are difficult to defend against because: (1) the traffic comes from many different IP addresses, so blocking a single source is ineffective; (2) the malicious traffic can be hard to distinguish from legitimate traffic; (3) the sheer volume of traffic can exceed the server’s capacity even with protective measures in place.

Q4: Compare symmetric and asymmetric encryption. Give one advantage and one disadvantage of each.

Answer: Symmetric encryption uses the same key for both encryption and decryption. Advantage: it is fast and efficient, making it suitable for encrypting large amounts of data. Disadvantage: both parties must share the key securely beforehand; if the key is intercepted during transmission, the encryption is broken. Asymmetric encryption uses a pair of keys: a public key (shared openly) for encryption and a private key (kept secret) for decryption. Advantage: no need to share a secret key; anyone can encrypt data with the public key, but only the holder of the private key can decrypt it, solving the key distribution problem. Disadvantage: it is much slower than symmetric encryption, making it less practical for encrypting large volumes of data.

Q5: Explain how a firewall protects a network. Describe the difference between hardware and software firewalls.

Answer: A firewall protects a network by monitoring all incoming and outgoing traffic and applying a set of predefined security rules to determine whether each packet should be allowed through or blocked. It acts as a barrier between the trusted internal network and untrusted external networks. It uses packet filtering to inspect packets based on source/destination IP addresses, port numbers, and protocols. A hardware firewall is a dedicated physical device placed between the network and the internet. It protects the entire network and is commonly used in business environments. A software firewall is a program installed on an individual computer. It protects only the specific device it is installed on. Most operating systems include a built-in software firewall. Organisations typically use both for layered defence.

Q6: A school wants to protect against ransomware attacks. Recommend three specific prevention methods and explain how each helps.

Answer: (1) Regular backups stored in a separate location — if ransomware encrypts the school’s files, they can restore all data from a recent backup without paying the ransom. Backups should be stored offsite or in the cloud so they are not encrypted by the same attack. (2) Anti-malware software with real-time protection — this can detect and block ransomware before it executes by scanning files against a database of known malware signatures. The software must be kept up to date to recognise the latest ransomware variants. (3) Staff training — ransomware is often delivered through phishing emails with malicious attachments or links. Training staff to recognise suspicious emails, avoid clicking unknown links, and report potential threats significantly reduces the risk of ransomware infection.

Q7: What is SQL injection? Explain how it works and how it can be prevented.

Answer: SQL injection is an attack where an attacker enters SQL code into a web form (such as a login box or search field) instead of normal input. If the website does not properly validate the input, the SQL code is passed directly to the database server and executed. This can allow the attacker to bypass login authentication, read sensitive data (usernames, passwords, credit card numbers), modify or delete data, or perform administrative operations on the database. It can be prevented by: (1) Input validation and sanitisation — checking all user input and removing or escaping special characters before it reaches the database; (2) Parameterised queries (prepared statements) — a coding technique that ensures user input is always treated as data, never as executable SQL code; (3) Penetration testing — regularly testing the website for SQL injection vulnerabilities.

Q8: Explain the importance of the “principle of least privilege” in network security, and give an example.

Answer: The principle of least privilege states that users should be given the minimum level of access necessary to carry out their job. This is important because it limits the potential damage if a user’s account is compromised. If an attacker gains control of an account that only has access to one department’s files, they cannot access the entire organisation’s data. Example: a school receptionist needs access to the student contact database to phone parents, but they do not need access to the school’s financial records or exam papers. Under the principle of least privilege, their account would only have permission to view the contact database — not financial or academic systems. If their account were hacked, the attacker could only access contact information, not the school’s finances.

Q9: Describe what social engineering is and explain why it is effective, even against organisations with strong technical security.

Answer: Social engineering is a type of attack that exploits human behaviour rather than technical vulnerabilities. Instead of hacking software, the attacker manipulates, deceives, or tricks people into revealing confidential information or performing actions that compromise security. Types include phishing (fake emails/websites), pretexting (fabricated scenarios), baiting (infected USB drives), and shoulder surfing (watching someone enter a password). Social engineering is effective even against organisations with strong technical security because humans are often the weakest link. A firewall cannot prevent an employee from giving their password to a convincing caller. Encryption cannot stop someone from willingly entering their credentials on a fake website. The strongest technical defences are undermined if the people using them can be manipulated. This is why staff training is essential.

Q10: A business discovers that a man-in-the-middle attack has been intercepting employee communications. Recommend two prevention methods and explain how each would stop this attack.

Answer: (1) Encryption using HTTPS and VPN — if all communication is encrypted, even if an attacker intercepts the data, they cannot read or understand it. HTTPS encrypts web traffic between the browser and server, while a VPN (Virtual Private Network) creates an encrypted tunnel for all network traffic. The attacker would only see scrambled, unreadable data. (2) Avoid unsecured public Wi-Fi networks and use only trusted, authenticated networks — man-in-the-middle attacks commonly occur on public Wi-Fi where the attacker can position themselves between users and the router. A network policy requiring employees to use only the company’s secured Wi-Fi or a VPN when working remotely removes the opportunity for the attacker to intercept the connection. Certificate verification (checking that HTTPS certificates are valid) also helps users confirm they are communicating with the genuine server and not an impersonator.

Reference

Key Vocabulary

This table summarises the essential terms for this topic. Use it for revision and to check your understanding.

TermDefinition
Network securityPolicies, practices, hardware, and software used to protect a network and its data from unauthorised access, attacks, and damage
MalwareMalicious software designed to cause damage, steal data, or gain unauthorised access (includes viruses, worms, Trojans, ransomware, spyware)
VirusMalware that attaches to a legitimate host file and replicates when the file is executed
WormStandalone malware that self-replicates and spreads across networks without needing a host file
TrojanMalware disguised as legitimate software; does not self-replicate but relies on tricking users into installing it
RansomwareMalware that encrypts a victim’s files and demands payment for the decryption key
SpywareMalware that secretly monitors user activity and steals data (e.g., keyloggers)
Social engineeringAttacks that exploit human behaviour through manipulation and deception rather than technical vulnerabilities
PhishingSending fake emails or creating fake websites to trick victims into revealing login credentials or personal information
PretextingCreating a fabricated scenario to trick a victim into revealing information or granting access
BaitingLeaving infected storage devices (e.g., USB drives) in public places to exploit curiosity
Shoulder surfingPhysically watching someone enter a password or PIN
DDoSDistributed Denial of Service — overwhelming a server with traffic from many sources (a botnet) to make it unavailable
BotnetA network of compromised computers controlled by an attacker, often used to launch DDoS attacks
SQL injectionEntering SQL code into web forms to exploit poorly coded websites and access or modify database contents
Brute force attackTrying every possible password combination, often using automated software, until the correct one is found
Man-in-the-middleIntercepting communication between two parties who believe they are communicating directly
FirewallA security system that monitors network traffic and blocks packets that violate predefined security rules
EncryptionScrambling data into an unreadable format that can only be decoded with the correct decryption key
Symmetric encryptionEncryption that uses the same key for both encryption and decryption
Asymmetric encryptionEncryption that uses a pair of keys: a public key for encryption and a private key for decryption
AuthenticationThe process of verifying a user’s identity before granting access (passwords, 2FA, biometrics)
Two-factor authentication (2FA)Requiring two different forms of identification (e.g., password + phone code) for access
BiometricsUsing unique physical characteristics (fingerprint, face, iris) to verify identity
Penetration testingAuthorised ethical hackers attempting to find vulnerabilities in a system before malicious attackers do
Principle of least privilegeGiving users the minimum level of access necessary to perform their role
GDPRGeneral Data Protection Regulation — EU/UK law requiring organisations to protect personal data or face significant fines
Exam Tips

How to Succeed in the Exam

Exam Tip: Know Your Attack Types You must be able to identify each type of attack from a description and explain how it works. For malware types, know the key differences: viruses need a host file, worms spread on their own, Trojans are disguised, ransomware encrypts, and spyware monitors. For social engineering, know the difference between phishing, pretexting, baiting, and shoulder surfing. Examiners love scenario-based questions where you must identify the attack.
Exam Tip: Link Threats to Prevention When recommending prevention methods, always explain how the method helps for that specific threat. Do not just list prevention methods generically. For example, “staff training” is a valid prevention for phishing because it teaches employees to recognise fake emails, but it is not the best prevention for a DDoS attack. Match your prevention to the threat.
Exam Tip: The Layered Approach If a question asks how an organisation should protect its network, emphasise the layered approach (defence in depth). Mention a combination of technical measures (firewalls, encryption, anti-malware), human measures (training, policies), and physical measures (locked rooms, CCTV). Explaining that no single method is sufficient shows deeper understanding.
Exam Tip: Virus vs Worm This is one of the most commonly confused pairs. Write this in your revision notes: Virus = needs a host, activates when file opened, replicates to other files. Worm = standalone, spreads automatically across networks, no user action needed. If the scenario says “spread without anyone clicking anything,” it is a worm.
Exam Tip: GDPR and Legal Requirements You may be asked about the legal context of network security. Know that GDPR and the Data Protection Act 2018 require organisations to protect personal data. Mention specific consequences of non-compliance: fines of up to 20 million euros or 4% of global turnover, legal action from individuals, and reputational damage. This shows you understand the real-world importance of security.
Exam Tip: Use Precise Vocabulary Use the correct technical terms in your answers. Write “phishing” not “fake email attack.” Write “ransomware” not “virus that locks files.” Write “DDoS” and explain what the initials stand for. Write “principle of least privilege” not “only giving people some access.” Precise vocabulary earns marks.
Resources

Video Resources

These Craig 'n' Dave videos cover threats, vulnerabilities, and protection methods in detail.

▶️
Craig 'n' Dave: Importance of Network SecurityWhy network security matters
 ▶️
Craig 'n' Dave: Identifying Network VulnerabilitiesWays to find and understand security weaknesses
 ▶️
Craig 'n' Dave: Methods of Protecting NetworksFirewalls, encryption and other protection methods
 ▶️
Craig 'n' Dave: MalwareViruses, worms, trojans and other malicious software
 ▶️
Craig 'n' Dave: How Hackers Exploit Technical VulnerabilitiesUnderstanding common attack methods
 ▶️
Craig 'n' Dave: Social EngineeringPhishing, pretexting and human-based attacks
 ▶️
Craig 'n' Dave: Protecting Digital Systems and DataSecurity measures and best practices

Past Paper Questions

Practise these exam-style questions. Click each question to reveal the mark scheme.

Describe two methods an organisation could use to protect their network from cyber attacks. 4 marks

Mark scheme:

  • Firewall: Monitors incoming and outgoing network traffic (1 mark) and blocks unauthorised access/suspicious activity (1 mark)
  • Anti-malware software: Scans files for known malware/viruses (1 mark) and removes or quarantines infected files (1 mark)
  • Encryption: Scrambles data so it cannot be read (1 mark) if intercepted by hackers (1 mark)
  • Strong passwords: Complex passwords are harder to guess/crack (1 mark) reducing risk of unauthorised access (1 mark)
Reflect

Network Security in the Real World

Network security is not an abstract concept confined to textbooks — it affects your daily life. Consider how the topics you have just studied connect to the real world:

Challenge yourself: Over the next week, pay attention to the security features you encounter in your daily life. How many websites use HTTPS? How many of your accounts have 2FA available? Can you spot any potential phishing emails in your inbox? Have you ever connected to unsecured public Wi-Fi without a VPN? The more aware you are, the safer you will be online.

Final Thought Network security is a constant battle. As defenders develop new protections, attackers develop new methods of attack. No system is ever 100% secure, which is why a layered approach combining technology, training, policies, and physical measures is essential. As you continue your studies in Computer Science, remember that security is not just a topic for an exam — it is a skill and a mindset that will serve you throughout your life, whether you are protecting your own data or defending an entire organisation.

Interactive Games

Further Reading & External Resources