AQA GCSE · OCR GCSE · Cambridge IGCSE

Network Security Threats and Defences — GCSE CS

Network security questions appear on every GCSE Computer Science paper. You need to identify specific threats, explain how they work, and match them to appropriate defences. A common exam mistake is giving a generic defence (like 'use a firewall') that doesn't match the specific threat.

Key points to know

Threats and defences at a glance

| Threat | How it works | Defences |
|---|---|---|
| Malware (virus, ransomware, spyware) | Malicious software installed on a device — damages files, steals data, encrypts files for ransom | Antivirus software (updated); OS and software updates; don't open unknown attachments |
| Phishing | Fake emails/websites trick users into revealing passwords or financial details | User education; email filtering; check URL/sender carefully; 2FA |
| Brute force | Automated software tries all possible passwords until the correct one is found | Strong passwords; account lockout after failed attempts; CAPTCHA; 2FA |
| DoS / DDoS | Flood a server with requests to make it unavailable to legitimate users | Firewalls; rate limiting; CDN; traffic filtering |
| SQL injection | Malicious SQL code in input fields manipulates the database | Parameterised queries; input validation/sanitisation; principle of least privilege |
| Man-in-the-middle | Attacker intercepts communications between two parties | HTTPS/TLS encryption; certificate verification; VPN on public WiFi |

Exam-style questions

Try these before expanding the hints. Write your answer, then compare.

1

Describe what is meant by a phishing attack and state one way to defend against it.

AQA GCSE style [3 marks]

Mark scheme hint: Phishing involves sending fraudulent emails or creating fake websites [1]; that appear to be from a legitimate source (e.g. a bank) [1]; to trick users into revealing sensitive information such as passwords [1]. Defence: educate users to check sender addresses and not click suspicious links [1]; OR email filtering software that detects and blocks phishing emails [1]. Any 2 marks from description + 1 mark defence.

2

A company's database is accessed by attackers using SQL injection. Explain how this attack works.

OCR J277 style [3 marks]

Mark scheme hint: The attacker enters malicious SQL code into an input field on a website [1]; the website includes this input directly in a database query without validating it [1]; the SQL code manipulates the query to allow unauthorised access to, modification of, or deletion of data in the database [1].

3

State two threats to network security and for each threat describe one appropriate defence.

Cambridge 0478 style [4 marks]

Mark scheme hint: Malware → install and regularly update antivirus software [1+1]. Brute force → implement account lockout after a set number of failed login attempts [1+1]. Phishing → user training/education to recognise suspicious emails [1+1]. Denial of service → use firewalls to filter and limit suspicious traffic [1+1]. Any 2 threat+defence pairs.

4

Explain why HTTPS is more secure than HTTP for online banking.

AQA GCSE style [3 marks]

Mark scheme hint: HTTPS uses TLS encryption [1]; data transmitted between the browser and server is encrypted/converted to ciphertext [1]; even if the data is intercepted (e.g. by packet sniffing), an attacker cannot read the sensitive information without the decryption key [1].


Common exam mistakes

Mistake: "Use antivirus software" as a defence against phishing.

Better: "Educate users to recognise suspicious emails, check sender addresses, and not click unfamiliar links. Use email filtering software." Antivirus catches malicious files — it does not prevent users from typing their password into a fake website.

Mistake: Saying "brute force is when hackers guess your password manually".

Better: Brute force uses AUTOMATED SOFTWARE that generates and tries thousands of password combinations per second — a human could never do this manually. This is why short or simple passwords are unsafe.

Mistake: Describing encryption as "scrambling" or "hiding" data without explaining the role of the key.

Better: "Encryption converts plaintext into ciphertext using an algorithm and a key. Only someone with the correct decryption key can convert the ciphertext back to readable plaintext." The key is essential to the explanation.


Frequently asked questions

What is the difference between malware, viruses and ransomware?

Malware is the umbrella term for all malicious software. A virus is a specific type of malware that replicates itself by attaching to other files and spreading when those files are shared. Ransomware is malware that encrypts a victim's files and demands payment for the decryption key. Other types include: spyware (collects data secretly), worms (self-replicating, spread across networks), and trojans (disguised as legitimate software).

What is the difference between phishing and brute force attacks?

Phishing is a social engineering attack — criminals send fake emails or create fake websites to trick users into revealing passwords, card numbers or other sensitive information. No technical hacking is involved — it exploits human trust. Brute force is a technical attack — automated software tries every possible password combination until the correct one is found. Defence against phishing: user education, email filtering. Defence against brute force: account lockout after failed attempts, strong passwords, CAPTCHA.
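The account lockout defence named above, as an added example that is not part of the original page. The class name LoginGuard, the helper guesses_checked, the username and the limits (5 failures, 900 seconds) are assumptions chosen for illustration.

```python
import time

class LoginGuard:
    """Locks an account after too many failed logins in a row."""

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock           # replaceable so the demo can fake time
        self.failures = {}           # username -> consecutive failed attempts
        self.locked_until = {}       # username -> time the lockout ends

    def is_locked(self, username):
        return self.clock() < self.locked_until.get(username, 0)

    def attempt(self, username, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(username):
            return "locked"          # rejected even if the password is right
        if password_ok:
            self.failures.pop(username, None)   # success resets the count
            return "ok"
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= self.max_failures:
            self.locked_until[username] = self.clock() + self.lockout_seconds
            self.failures.pop(username, None)
        return "failed"

def guesses_checked(total_guesses, seconds_between, **guard_settings):
    """Simulate wrong guesses at a fixed rate; count those actually checked."""
    now = [0.0]                      # constructed clock, starts at zero
    guard = LoginGuard(clock=lambda: now[0], **guard_settings)
    checked = 0
    for _ in range(total_guesses):
        if guard.attempt("alice", password_ok=False) == "failed":
            checked += 1
        now[0] += seconds_between
    return checked

if __name__ == "__main__":
    # 1000 automated guesses, one per second, against the default limits
    print(guesses_checked(1000, 1.0, max_failures=5, lockout_seconds=900))
```

With these limits only a handful of the 1000 guesses are ever compared against the real password, which is why lockout defeats software that relies on trying thousands of combinations.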

What is SQL injection?

SQL injection occurs when malicious SQL code is entered into an input field (like a search box or login form) that is directly included in a database query without validation. The attacker can manipulate the query to bypass authentication, access unauthorised data, or delete/modify the database. Prevention: use parameterised queries (prepared statements) which treat input as data, not code.

Why is encryption used to protect data in networks?

Encryption converts readable data (plaintext) into an unreadable form (ciphertext) using an algorithm and a key. Even if a packet is intercepted during transmission, the attacker cannot read it without the decryption key. HTTPS uses TLS encryption to protect web traffic. Without encryption, anyone who intercepts network traffic (packet sniffing) could read sensitive information like passwords and bank details.
