Network Security Measures

After learning about the threats that networks face, this lesson covers the security measures used to protect networks, data and users. A layered approach — using multiple defences together — provides the strongest protection.

---

Firewalls

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on a set of predefined rules. It acts as a barrier between a trusted internal network and an untrusted external network (such as the internet).

How firewalls work

• A firewall examines each packet of data entering or leaving the network.
• It checks the packet against its rules (also called policies or access control lists).
• Packets that match an "allow" rule are permitted through; packets that match a "deny" rule are blocked.
• Rules can be based on: IP addresses, port numbers, protocols and packet content.

Types of firewall

Type	Description
Hardware firewall	A dedicated physical device placed between the internal network and the internet. Common in businesses.
Software firewall	A program running on a computer (e.g. Windows Firewall). Protects individual devices.

What firewalls can do

• Block unauthorised access from the internet.
• Prevent malware from sending data out of the network.
• Block access to certain websites or services.
• Log all connection attempts for monitoring and investigation.

What firewalls cannot do

• Protect against threats that enter through allowed channels (e.g. a phishing email that passes through the email port).
• Prevent social engineering attacks.
• Stop malware that is already inside the network (unless it tries to communicate externally).

---

Encryption

Encryption is the process of converting data into an unreadable format (ciphertext) so that only authorised parties with the correct key can read it. Even if an attacker intercepts the data, they cannot understand it without the key.

How encryption works

1. The sender encrypts the plaintext (original data) using an encryption algorithm and a key.
2. The data becomes ciphertext — scrambled and unreadable.
3. The ciphertext is transmitted across the network.
4. The recipient uses the correct decryption key to convert the ciphertext back into plaintext.

Types of encryption

Type	Description	Example
Symmetric encryption	The same key is used to encrypt and decrypt. Both parties must share the key securely.	AES (Advanced Encryption Standard)
Asymmetric encryption	Two keys are used: a public key (shared openly) for encryption and a private key (kept secret) for decryption.	RSA

Where encryption is used

• HTTPS — encrypts web traffic between the browser and web server using TLS.
• WPA2/WPA3 — encrypts Wi-Fi transmissions between devices and the WAP.
• Email encryption — encrypts email content so only the intended recipient can read it.
• VPNs (Virtual Private Networks) — encrypt all data sent between a device and a remote server, creating a secure "tunnel" through the internet.
• Full disk encryption — encrypts all data stored on a hard drive (e.g. BitLocker on Windows).

---

Authentication

Authentication is the process of verifying that a user is who they claim to be before granting access to a system or network.

Methods of authentication

Passwords

• The most common form of authentication.
• A strong password should be: long (at least 8-12 characters), contain upper and lower case letters, numbers and special characters, and be unique to each account.
• Weak passwords (e.g. "password123", "qwerty") are easily guessed or cracked by brute force.

Two-Factor Authentication (2FA)

• Requires two different types of verification:
  1. Something you know (password or PIN)
  2. Something you have (a phone receiving an SMS code or a hardware token)
  3. Something you are (biometric — fingerprint, face recognition)
• Even if an attacker obtains the password, they cannot access the account without the second factor.

Biometrics

• Using unique physical characteristics to verify identity: fingerprint, facial recognition, iris scan or voice recognition.
• Difficult to forge or steal.
• Cannot be forgotten (unlike passwords).
• Privacy concerns — biometric data, if stolen, cannot be changed like a password.

Method	Strengths	Weaknesses
Password	Easy to implement	Can be guessed, stolen or cracked
2FA	Much more secure than password alone	Requires additional device; slightly less convenient
Biometrics	Unique to individual; cannot be forgotten	Privacy concerns; cannot be changed if compromised

---

MAC Address Filtering

MAC address filtering is a security measure where a network administrator configures the router or switch to only allow devices with specific MAC addresses to connect.

How it works

1. The administrator creates a whitelist of approved MAC addresses.
2. When a device tries to connect, the router/switch checks the device's MAC address against the whitelist.
3. If the MAC address is on the list, the device is allowed to connect. If not, access is denied.

Advantages

• Provides an additional layer of security.
• Only known, approved devices can connect to the network.

Limitations

• MAC spoofing — an attacker can change (spoof) their device's MAC address to match an approved one.
• Management overhead — every new device must be manually added to the whitelist, which is impractical on large networks.
• Should be used alongside other measures, not as the sole protection.

---

Access Control

Access control limits what each user can see and do on the network:

• User accounts — each user has a unique username and password.
• User access levels — different users have different permissions (e.g. read-only, read-write, administrator).
• File permissions — specific files and folders can be restricted so only authorised users can access them.
• Network segmentation — dividing the network into sections so that users can only access the resources relevant to their role.

---

Anti-Malware Software

Anti-malware (antivirus) software detects, quarantines and removes malware from a computer.

How it works

• Scans files and programs against a database of known malware signatures.
• Uses heuristic analysis to detect suspicious behaviour that might indicate unknown malware.
• Can perform real-time scanning (checking files as they are opened) and scheduled scans.
• Must be regularly updated so that it can recognise the latest threats.

---

Physical Security

Physical security measures protect the hardware itself:

• Locked server rooms — prevent unauthorised access to servers and networking equipment.
• CCTV — monitors access to secure areas.
• Visitor sign-in — tracks who enters and leaves the building.
• Cable locks — secure laptops to desks to prevent theft.

---

Policies and Education

Technical measures alone are not enough. Organisations also need:

• Acceptable use policies — define what users are and are not allowed to do on the network.
• Regular training — educate users about phishing, strong passwords and safe internet use.
• Backup policies — ensure data is regularly backed up so it can be recovered after an attack.
• Software updates — keeping operating systems and applications patched to fix known vulnerabilities.

---

Defence in Depth

No single measure provides complete protection. A defence in depth (layered) approach uses multiple measures together:

• Firewall + encryption + strong authentication + anti-malware + user education + physical security.
• If one layer fails, the others still provide protection.

---

Summary

• Firewalls filter network traffic based on rules.
• Encryption makes data unreadable to unauthorised parties.
• Authentication (passwords, 2FA, biometrics) verifies user identity.
• MAC address filtering restricts network access to approved devices.
• Anti-malware detects and removes malicious software.
• Physical security and user education are also essential.

Exam Tip: When asked how to protect a network, always suggest multiple measures and explain why each one helps. The examiner wants to see a layered approach — firewall to filter traffic, encryption to protect data in transit, strong passwords with 2FA to prevent unauthorised access, and anti-malware to catch threats that get through.

---

Deeper dive: encryption mathematics and worked defence examples

Encryption is the single most important technical control on any modern network. AQA expects you to distinguish symmetric and asymmetric encryption, understand where each is used, and explain how they combine in protocols such as HTTPS.

Symmetric encryption — worked example

In symmetric encryption, the same secret key is used to encrypt and decrypt. A trivial Caesar cipher with key 3 shifts every letter by three positions: HELLO becomes KHOOR. Modern symmetric algorithms such as AES use much larger keys (128 or 256 bits) and operate on 128-bit blocks of data using many rounds of substitution and permutation. AES is fast — modern CPUs can encrypt several gigabytes per second.