This lesson brings together everything you have learned about network security in OCR J277 Section 1.4. We will review the key topics, practise exam-style questions, and develop effective techniques for answering security questions in the OCR GCSE Computer Science Paper 1 exam.
Before the exam, make sure you can confidently explain each of the following:
| Topic | Key Points to Remember |
|---|---|
| Malware types | Virus (needs host), worm (self-replicating), trojan (disguised), ransomware (encrypts files), spyware (monitors), adware (adverts) |
| Social engineering | Phishing (fake emails), pharming (DNS redirect), shouldering (observation), blagging (false identity) |
| SQL injection | Malicious SQL in input fields; prevent with input validation and parameterised queries |
| Penetration testing | Authorised testing; black/white/grey box; find vulnerabilities before attackers |
| Firewalls | Monitor and control traffic based on rules; cannot stop all threats |
| Proxy servers | Intermediary; hides IP, filters content, caches pages |
| Encryption | Symmetric (one key, fast), asymmetric (two keys, solves key distribution) |
| Authentication | Passwords, biometrics, 2FA; three factors: know, have, are |
| Network policies | AUP, password policy, backup policy, disaster recovery |
| Physical security | Locked rooms, CCTV, biometric access, cable locks |
The map below organises J277 1.4 threats into one mental model that you can draw quickly in revision.
```mermaid
mindmap
  root((Network Threats))
    Malware
      Virus
      Worm
      Trojan
      Ransomware
      Spyware
    Social Engineering
      Phishing
      Pharming
      Blagging
      Shouldering
    Technical Attacks
      SQL Injection
      Brute Force
      DDoS
    Insider
      Weak Passwords
      Lost Devices
```
Network security questions in OCR J277 Paper 1 typically appear as:
OCR Exam Tip: For extended-response questions, structure your answer with clear paragraphs. Discuss multiple threats and multiple prevention methods. Use specific terminology (e.g. "two-factor authentication" not "extra security"). Link each threat to a specific prevention method.
Question: State what is meant by the term 'social engineering' in the context of network security. (2 marks)
Model answer: Social engineering is the manipulation of people (1) into revealing confidential information or performing actions that compromise security (1).
Question: Describe how SQL injection can be used to gain unauthorised access to a database. (3 marks)
Model answer: The attacker enters malicious SQL code into an input field on a website (1), such as a login form. If the input is not validated/sanitised, the SQL code is executed by the database server (1). This can allow the attacker to bypass authentication, read sensitive data, or modify/delete records (1).
Question: A small business stores customer data on a network. Discuss the threats to this data and recommend measures to protect against them. (8 marks)
Model answer structure:
Paragraph 1 — Malware threat: The business is vulnerable to malware such as ransomware, which could encrypt customer data and demand payment. To protect against this, the company should install and regularly update anti-malware software and ensure all operating systems and software are patched with the latest security updates.
Paragraph 2 — Phishing and social engineering: Employees could be targeted by phishing emails attempting to steal login credentials. Staff training should be provided so employees can recognise suspicious emails. Two-factor authentication should be implemented so that stolen passwords alone are not sufficient for access.
Paragraph 3 — Unauthorised access: Attackers may attempt brute force attacks or SQL injection to access the database. The business should use strong password policies, implement firewalls to control incoming traffic, and ensure all web applications use input validation and parameterised queries to prevent SQL injection.
Paragraph 4 — Physical and policy measures: Servers should be kept in locked rooms with restricted access. Regular backups should be stored off-site so data can be recovered if compromised. A disaster recovery plan should define how the business will respond to a security incident.
OCR Exam Tip: In extended response questions, aim for at least 3-4 well-developed paragraphs. Each paragraph should name a specific threat, explain how it works, and recommend a specific prevention method. Use technical terminology throughout.
| Mistake | Correction |
|---|---|
| Describing what malware does without naming specific types | Always name specific malware types (virus, worm, trojan, etc.) |
| Saying "use antivirus" as the only prevention method | Mention multiple layers: firewall, encryption, authentication, policies |
| Confusing phishing with pharming | Phishing uses fake emails; pharming redirects via DNS |
| Saying encryption "prevents hacking" | Encryption protects data confidentiality if intercepted — it does not prevent access to systems |
| Ignoring physical security | Always consider physical measures alongside technical ones |
| Writing vague answers | Use specific terminology and detailed explanations |