Network Security & Threats (OCR A Level Computer Science)
Revision Note
Written by: Neil Southin
Reviewed by: James Woodhouse
Network Security & Threats
What are Common Network Threats?
Hackers
Individuals or groups who exploit system vulnerabilities to gain unauthorised access to data
Hacking involves gaining unauthorised access to a system or network to steal or manipulate data, disrupt services, or cause damage
The aim of hacking can vary from personal gain to activism or cyber espionage
Viruses
Malicious software programs designed to spread from one computer to another and interfere with normal operations
A virus attaches itself to a legitimate program or file and then replicates itself to spread to other programs or files on the computer. It can cause damage to the system, including deleting data or damaging hardware
Malware
Malware is malicious software designed to harm or gain unauthorised access to a system or network. Types of malware include:
A worm is similar to a virus but is a standalone program that can spread and replicate itself over computer networks. It can take up storage space or bandwidth
A Trojan horse is a program that disguises itself as a legitimate program or file, but when installed, it can delete data or damage hardware
Spyware is software that records all key presses and transmits these to a third-party
Adware is software that displays unwanted advertisements on the computer without the user's consent. Some of these may contain spyware, and some may link to viruses when clicked
Ransomware is malware that encrypts the user's files and demands a ransom payment to decrypt them. It can cause data loss and financial damage and disrupt business operations
The aim of malware attacks can range from data theft to extortion or disruption of services
Denial of Service (DoS)
A DoS attack is where a computer floods a server with lots of requests at the same time, which the server can’t respond to, causing it to crash or become unavailable to users
A DoS attack aims to disrupt the normal functioning of a system or network by denying users access
Distributed Denial of Service (DDoS) Attack
A DDoS attack is where similar to a DoS attack but instead multiple computers are used as bots which send the requests to the server
SQL Injection
An attack technique used to exploit security vulnerabilities in a website, where malicious SQL statements are inserted into an entry field for execution
This can potentially expose a company’s database to hackers
Phishing
Attempting to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication
Phishing involves the user being sent an email that looks legitimate
This email contains a link to a fake website where the user is encouraged to enter their details
Phishing aims to steal sensitive information for personal gain or to use it for further cyber attacks
Pharming
This is a cyber attack intended to redirect a website's traffic to another bogus site
Pharming involves malware being downloaded without the user’s knowledge
This redirects the user to a fake website where they’re encouraged to enter their personal details
Pharming aims to steal sensitive information for personal gain or to use it for further cyber attacks
Social Engineering
Social engineering involves manipulating individuals to gain access to confidential information or to perform an action that benefits the attacker
This can include techniques such as:
Posing as someone else to gain trust or access to sensitive information - attackers might pretend to be a co-worker, IT support personnel, or a law enforcement officer to get people to divulge sensitive information or perform an action they wouldn't otherwise do
Enticing a victim with the promise of a desirable item to extract sensitive information or gain access to a system
Leaving a USB drive with a tempting label, like "salary information," in a public place and waiting for someone to pick it up and plug it into a computer - once the drive is connected to the computer, the attacker can access sensitive information or install malware
Posing as a bank representative and asking for personal information to "verify your account”
Network security
There are many different methods and techniques that have been developed to make networks more secure. Some of these include:
Firewalls: Network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules
Secure Passwords: Using strong, complex, and unique passwords helps to protect against unauthorised access
Anti-virus Software: Programs designed to detect and neutralise or remove malicious software like viruses, worms, and Trojans
Anti-spyware Software: Tools to detect and remove spyware and other kinds of malware
Two-factor Authentication (2FA): Adds an additional layer of security by requiring users to provide two forms of identification - usually a code sent to their phone or email as well as their password
Regular Software Updates: Keeping all systems and software up-to-date ensures you have the latest security patches
Employee training can be essential to instil a culture of security consciousness within the company
A strong security policy (e.g. insisting on regular password changes) can further help in maintaining a secure network environment
Last updated:
You've read 0 of your 5 free revision notes this week
Sign up now. It’s free!
Did this page help you?