This lesson covers network security threats and prevention methods. You need to understand common threats (malware, phishing, DoS, MITM, SQL injection) and prevention measures (firewalls, encryption, penetration testing, MAC filtering) for the OCR H446 specification.
Networks are targets for attackers seeking to steal data, disrupt services, or gain unauthorised access. Organisations must implement multiple layers of security to protect their systems, data, and users.
Malware (malicious software) is any software designed to damage, disrupt, or gain unauthorised access to a system.
| Type | Description |
|---|---|
| Virus | Attaches to a legitimate program and spreads when the program is executed |
| Worm | Self-replicating malware that spreads across networks without user interaction |
| Trojan | Disguises itself as legitimate software but performs malicious actions |
| Ransomware | Encrypts the victim's files and demands payment for the decryption key |
| Spyware | Secretly monitors user activity and sends data to the attacker |
| Adware | Displays unwanted advertisements, often bundled with free software |
| Rootkit | Hides deep in the OS, giving the attacker persistent privileged access |
Phishing is a social engineering attack where the attacker impersonates a trusted entity to trick the victim into revealing sensitive information (passwords, bank details, etc.).
| Method | Description |
|---|---|
| Email phishing | Fake emails that appear to be from a trusted source (e.g., bank, employer) |
| Spear phishing | Targeted phishing aimed at a specific individual or organisation |
| Smishing | Phishing via SMS text messages |
| Vishing | Phishing via voice calls |
| Pharming | Redirecting users to fake websites by corrupting DNS records |
A DoS attack floods a server with traffic to make it unavailable to legitimate users.
| Type | Description |
|---|---|
| DoS | Attack from a single source |
| DDoS | Attack from many sources (often a botnet — network of compromised devices) |
| Effect | Server is overwhelmed and cannot respond to legitimate requests |
| Example | Flooding a web server with millions of HTTP requests |
In a MITM attack, the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.
| Stage | Description |
|---|---|
| 1 | Attacker positions themselves between the sender and receiver |
| 2 | Attacker intercepts messages from the sender |
| 3 | Attacker may read, modify, or inject messages before forwarding to the receiver |
| 4 | Neither party is aware of the attacker's presence |
Prevention: HTTPS (TLS encryption), certificate verification, VPNs.
SQL injection exploits web applications that build database queries directly from user input. The attacker types SQL syntax into an input field so that it becomes part of the query the application runs.

Normal login query:

```sql
SELECT * FROM users WHERE username = 'alice' AND password = 'pass123'
```

Injected input (username field): `' OR 1=1 --`

Resulting query:

```sql
SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = ''
```

The condition `OR 1=1` is always true, so the query returns all users. The `--` comments out the rest of the query, so the password check is never evaluated. The attacker gains unauthorised access.
| Method | Description |
|---|---|
| Parameterised queries | Use placeholders for user input, preventing code injection |
| Input validation | Check that input matches expected patterns (e.g., no special characters) |
| Escaping special characters | Convert characters like ' to safe equivalents |
| Least privilege | Database accounts used by the application should have minimal permissions |
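The following Python script is an added example, not part of the lesson, showing the vulnerable login query from above beside the parameterised version the table recommends, plus a simple input-validation check. It uses an in-memory SQLite database with a constructed `users` table so it runs offline; the function names (`login_vulnerable`, `login_parameterised`, `is_valid_username`) are assumptions made for this example.

```python
import re
import sqlite3


def make_db():
    """Constructed sample database (not from the lesson): two users, plaintext
    passwords only so the lesson's query can be reproduced. Real systems store
    password hashes and never compare passwords inside the SQL itself."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "pass123"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, exactly the pattern the lesson
    describes. Whatever the user types becomes SQL syntax."""
    query = (
        "SELECT * FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_parameterised(conn, username, password):
    """Parameterised query: the '?' placeholders are filled in by the database
    driver after the SQL has been parsed, so user input is only ever treated as
    a value and can never change the structure of the query."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Input validation from the prevention table: accept only the characters a
# username should contain (letters, digits, underscore), 1 to 32 of them.
USERNAME_PATTERN = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_valid_username(username):
    """Returns True only when the username matches the expected pattern."""
    return USERNAME_PATTERN.match(username) is not None


if __name__ == "__main__":
    conn = make_db()
    injected = "' OR 1=1 --"          # the lesson's injected username
    print("vulnerable:", login_vulnerable(conn, injected, ""))      # every row
    print("parameterised:", login_parameterised(conn, injected, ""))  # no rows
    print("valid input?", is_valid_username(injected))             # False
```

Run it and the vulnerable function returns both users for the injected input, while the parameterised function returns nothing because the database looks for a user literally named `' OR 1=1 --`. Input validation rejects the same string before it reaches the database at all; in practice you use validation as a second layer and parameterised queries as the primary defence, since a validation rule can be too loose but a placeholder cannot be escaped.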