You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
This lesson covers the most common threats to network security as required by OCR J277 Section 1.4. Understanding these threats is essential for protecting computer systems and is a key topic in your GCSE Computer Science exam.
Networks allow computers to communicate and share resources, but this connectivity also creates vulnerabilities. Any device connected to a network is potentially exposed to attack. Threats can come from outside an organisation (external threats) or from within (internal threats, such as disgruntled employees).
The CIA triad summarises the three main goals of network security:
| Goal | Meaning | Example |
|---|---|---|
| Confidentiality | Only authorised users can access data | Encryption prevents eavesdropping |
| Integrity | Data is not altered without authorisation | Checksums detect tampering |
| Availability | Systems and data are accessible when needed | Backups and redundancy prevent downtime |
Malware (malicious software) is any software designed to damage, disrupt or gain unauthorised access to a computer system. Malware is one of the most widespread network security threats.
Common types of malware include:
OCR Exam Tip: Make sure you can distinguish between different types of malware. A common exam question asks you to identify the type of malware from a description. Remember: a virus needs a host file, a worm is self-replicating, and a trojan pretends to be something useful.
Phishing is a form of social engineering where attackers send fraudulent communications (usually emails) that appear to come from a trusted source. The goal is to trick the recipient into revealing sensitive information such as passwords, bank details or personal data.
Unlike general phishing, spear phishing targets specific individuals or organisations. The attacker researches the target to make the email highly convincing.
A brute force attack is a method of cracking passwords by systematically trying every possible combination of characters until the correct one is found.
| Aspect | Detail |
|---|---|
| Method | Tries all possible character combinations |
| Speed | Depends on password length and complexity |
| Weakness exploited | Short or simple passwords |
| Prevention | Strong passwords, account lockouts, rate limiting |
A dictionary attack is a variation that tries common words and known passwords rather than every possible combination, making it faster for weak passwords.
OCR Exam Tip: When asked about preventing brute force attacks, mention strong passwords (mix of upper/lowercase, numbers, symbols), account lockout after failed attempts, and two-factor authentication.
A Denial of Service (DoS) attack aims to make a network, service or website unavailable to its intended users by flooding it with more traffic or requests than it can handle.
A Distributed Denial of Service (DDoS) attack uses multiple compromised computers (a botnet) to launch the attack simultaneously, making it much harder to defend against.
| Feature | DoS | DDoS |
|---|---|---|
| Source | Single computer | Multiple computers (botnet) |
| Difficulty to block | Easier — block one IP | Harder — thousands of IPs |
| Scale | Smaller | Much larger |
OCR Exam Tip: DDoS attacks do not steal data — they simply prevent access. Make sure you describe the impact correctly: the service becomes unavailable, causing financial loss and reputational damage.
| Threat | Description | Impact |
|---|---|---|
| Malware | Malicious software (viruses, worms, trojans, etc.) | Data theft, system damage, loss of control |
| Phishing | Fraudulent emails to steal credentials | Identity theft, financial loss |
| Brute force | Trying all password combinations | Unauthorised access |
| DoS/DDoS | Flooding servers with traffic | Service unavailability |
Understanding these threats is the first step in protecting networks. In the following lessons, we will explore specific attack types in more detail and learn about the prevention methods used to defend against them.