J277 Component 1 · 1.4 Network Security

Network Security Defences

CSHub

Why Defences Matter

Networks face constant threats: malware, phishing, brute-force attacks, and eavesdropping. Effective security is layered — no single defence is enough on its own. The OCR spec expects you to know which defence counters which threat.

Exam tip: When asked to suggest a defence, always link it to the specific threat it mitigates and explain why it works — not just what it is.

Security Defences

Firewalls
Counters: Unauthorised access, port scanning

Monitors all incoming and outgoing network traffic and blocks anything that doesn't match security rules.

  • Can be hardware (a physical device) or software (installed on the OS)
  • Uses rules/filters to allow or block traffic by IP address, port, or protocol
  • Prevents unauthorised external access to the internal network
  • Does not protect against threats that originate inside the network
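
The rule-based filtering described above, as an added Python example (not code from CSHub or the OCR specification). It models a stateless packet filter: rules are checked top to bottom, the first match decides, and a final catch-all rule gives "default deny". The rule set, the IP addresses (RFC 5737 documentation ranges) and the `Packet`/`Rule` types are all constructed for the demonstration. The last call shows the limitation from the final bullet: traffic that starts inside the network is not stopped.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port
    proto: str       # "tcp" or "udp"
    direction: str   # "in" = arriving from the internet, "out" = leaving the LAN


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    direction: str = "any"
    src: str = "0.0.0.0/0"       # source network in CIDR form; the default matches any address
    dport: Optional[int] = None  # None matches any port
    proto: str = "any"

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("any", p.direction)
            and ip_address(p.src) in ip_network(self.src)
            and (self.dport is None or self.dport == p.dport)
            and self.proto in ("any", p.proto)
        )


# Constructed rule set. First match wins; the final rule makes the policy "default deny".
RULES: List[Rule] = [
    Rule("allow", direction="in", dport=443, proto="tcp"),                       # public HTTPS web server
    Rule("allow", direction="in", src="203.0.113.0/24", dport=22, proto="tcp"),  # SSH only from the admin office range
    Rule("allow", direction="out"),                                              # anything leaving the LAN is allowed
    Rule("block"),                                                               # everything else is dropped
]


def filter_packet(p: Packet, rules: List[Rule] = RULES) -> str:
    """Return "allow" or "block" for one packet under the rule set."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"   # unreachable with the catch-all rule above, but keeps default deny explicit


def exposed_ports(src: str, dst: str, ports, rules: List[Rule] = RULES) -> List[int]:
    """Audit helper: which of these ports would an outside host be able to reach?"""
    return [port for port in ports
            if filter_packet(Packet(src, dst, port, "tcp", "in"), rules) == "allow"]


if __name__ == "__main__":
    print(exposed_ports("198.51.100.7", "192.0.2.10", range(1, 1025)))              # [443]
    # Limitation: a machine already inside the LAN can still send data out
    print(filter_packet(Packet("192.0.2.50", "198.51.100.9", 4444, "tcp", "out")))  # allow
```

Because the outbound rule is a blanket allow, the filter says nothing about an infected or malicious machine inside the LAN; that is why the page lists firewalls as countering unauthorised external access but not insider threats.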

Encryption
Counters: Eavesdropping, man-in-the-middle

Scrambles data into an unreadable format using an algorithm and key. Only someone with the correct key can decrypt and read it.

  • Protects data in transit — even if intercepted, it's useless without the key
  • HTTPS websites use SSL/TLS encryption
  • Can also encrypt data at rest (stored on disk)
  • Does not prevent data being intercepted — just makes it unreadable
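
An added Python example of "algorithm plus key" encryption, written for this page rather than taken from CSHub or any library. It is a demonstration construction using only the standard library: a keystream generated with HMAC-SHA256 in counter mode is XORed with the message, and an authentication tag (encrypt-then-MAC) lets the receiver detect a wrong key or a message altered in transit. Real systems should use TLS or an established cipher such as AES-GCM; the point here is the behaviour in the bullets: the intercepted bytes are unreadable without the key, and interception itself is not prevented. The key, message and helper names are all constructed.

```python
import hashlib
import hmac
import os
from typing import Optional


def _subkey(key: bytes, purpose: bytes) -> bytes:
    """Derive separate keys for encryption and authentication from one shared key."""
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream: HMAC-SHA256(enc_key, nonce || counter) blocks, counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh random nonce per message keeps the keystream unique."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the key is wrong or the message was altered in transit."""
    if len(message) < 48:          # at least a nonce and a tag
        return None
    nonce, ciphertext, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


if __name__ == "__main__":
    shared_key = os.urandom(32)            # agreed between the two parties in advance (constructed)
    msg = encrypt(shared_key, b"meet at 10:00, room 4")
    print(msg.hex())                       # what an eavesdropper captures: interception still happens
    print(decrypt(shared_key, msg))        # the intended recipient recovers the text
    print(decrypt(os.urandom(32), msg))    # wrong key -> None
```

The tag is what addresses the man-in-the-middle case in the heading: an attacker who sits between the two parties can still capture and replay the bytes, but cannot modify them or substitute their own without the key, because the receiver's check returns None.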

Strong Passwords
Counters: Brute-force, dictionary attacks

Longer, more complex passwords take exponentially longer to crack by automated guessing tools.

  • Mix of uppercase, lowercase, numbers, and symbols
  • At least 12 characters — longer is stronger
  • Never reuse passwords across accounts
  • Password managers allow unique complex passwords per account without memorising them
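
An added Python example (not from CSHub) that puts numbers on "exponentially longer to crack": it works out the alphabet a password actually draws on, the worst-case time to try every string of that length at an assumed guess rate, and whether the password meets the rules in the bullets above. The guess rate of ten billion per second, the mini wordlist and the sample passwords are constructed for the demonstration.

```python
import string

# Character classes from the guidance above
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26 characters
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}

# Constructed mini wordlist standing in for the lists a dictionary attack uses
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "football"}


def classes_used(password: str):
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def alphabet_size(password: str) -> int:
    """Size of the alphabet an attacker has to search, given the classes the password uses."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def brute_force_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst case for exhaustive guessing: every string of this length over the alphabet used.
    The guess rate is a constructed figure for a fast offline cracking setup."""
    return alphabet_size(password) ** len(password) / guesses_per_second


def policy_problems(password: str) -> list:
    """Which of the page's rules does the password break? An empty list means it passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    missing = set(CLASSES) - classes_used(password)
    if missing:
        problems.append("missing " + ", ".join(sorted(missing)))
    # "Password1!" is still a dictionary word with decoration on the end
    if password.lower().rstrip(string.digits + string.punctuation) in COMMON_WORDS:
        problems.append("based on a dictionary word")
    return problems


def meets_policy(password: str) -> bool:
    return not policy_problems(password)


if __name__ == "__main__":
    for pw in ["abcdefgh", "Password1!", "kT7$wq9!Lm2xZp"]:
        secs = brute_force_seconds(pw)
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, worst case {secs:,.0f} s "
              f"({secs / 31_557_600:,.1f} years); problems: {policy_problems(pw) or 'none'}")
```

Going from 8 lowercase letters (26^8, about 21 seconds at the assumed rate) to 14 mixed characters (94^14) adds well over twelve orders of magnitude, which is the exam-answer point: length and character mix multiply together, and each extra character multiplies the work again.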

Multi-Factor Authentication (MFA / 2FA)
Counters: Stolen credentials, phishing

Requires two or more forms of verification before granting access, combining something you know (a password) with something you have (a phone or hardware key) or something you are (a biometric).

  • Even if a password is stolen, the attacker cannot log in without the second factor
  • Examples: SMS code, authenticator app, fingerprint, hardware key
  • Most important defence against phishing attacks targeting passwords

Anti-Malware / Anti-Virus
Counters: Viruses, trojans, ransomware, spyware

Software that detects, quarantines, and removes malicious programs.

  • Uses a database of known virus signatures to identify threats
  • Must be kept up to date — new malware is released constantly
  • Heuristic scanning can detect previously unknown malware by behaviour
  • Cannot protect against threats it hasn't been updated to recognise
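
Signature scanning and behaviour-based heuristics side by side, as an added Python example that is not from CSHub or any anti-virus product. The "malware" sample, its hash and byte-pattern signatures, the behaviour events and their weights are all constructed. The walk-through in the tests shows the caveat in the last bullet: a one-byte change defeats the exact-hash signature, removing the marker defeats the pattern signature too, and at that point only the behaviour heuristic still catches it.

```python
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# --- Constructed "known malware" sample and the signature database built from it ---
SAMPLE_MALWARE = b"MZ\x90\x00" + b"\x00" * 8 + b"DEMO_MALWARE_MARKER_v1" + b"\x00" * 8

HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(SAMPLE_MALWARE).hexdigest(): "demo.trojan.a",   # exact file match
}
PATTERN_SIGNATURES: Dict[str, bytes] = {
    "demo.trojan.a.family": rb"DEMO_MALWARE_MARKER_v\d+",          # byte pattern shared by variants
}

# Behaviour heuristics: weights for actions observed while a program runs (constructed)
BEHAVIOUR_WEIGHTS = {
    "mass_file_encryption": 5,    # ransomware-like
    "delete_shadow_copies": 4,    # destroys backups
    "disable_antivirus": 4,
    "keystroke_hook": 3,          # spyware-like
    "persist_in_startup": 2,
    "connect_unknown_host": 1,
    "write_temp_file": 0,         # ordinary behaviour
}
HEURISTIC_THRESHOLD = 5


def scan_signatures(data: bytes) -> Optional[str]:
    """Exact-hash match first, then family byte patterns. None means 'not in the database'."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for name, pattern in PATTERN_SIGNATURES.items():
        if re.search(pattern, data):
            return name
    return None


def scan_behaviour(events: List[str]) -> Tuple[int, bool]:
    """Score observed actions; flag the program if the total reaches the threshold."""
    score = sum(BEHAVIOUR_WEIGHTS.get(e, 0) for e in events)
    return score, score >= HEURISTIC_THRESHOLD


if __name__ == "__main__":
    variant = SAMPLE_MALWARE.replace(b"\x90", b"\x91")                 # one byte changed
    unknown = variant.replace(b"DEMO_MALWARE_MARKER_v1", b"X" * 22)     # marker rewritten
    print(scan_signatures(SAMPLE_MALWARE))   # demo.trojan.a
    print(scan_signatures(variant))          # demo.trojan.a.family (hash missed, pattern hit)
    print(scan_signatures(unknown))          # None: signatures need an update
    print(scan_behaviour(["persist_in_startup", "mass_file_encryption", "delete_shadow_copies"]))  # (11, True)
```

This is why the page says the database "must be kept up to date": hash and pattern signatures only describe what the vendor has already seen, whereas the behaviour score looks at what a program does and can flag a sample nobody has a signature for yet.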

Access Control
Counters: Insider threats, data breaches

Limits what users are allowed to access, read, write, or execute — the principle of least privilege: users only have access to what they need for their role.

  • Prevents an employee (or attacker with stolen credentials) accessing sensitive data they shouldn't see
  • Reduces the damage from a compromised account
  • Managed through user accounts, group policies, and permissions
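
Least privilege expressed as roles and permissions, as an added Python example (not from CSHub). Each role lists only the resources it needs; users get the union of their roles' permissions and nothing else, so the default answer is "no access". The roles, users and paths are constructed. The `writable_resources` helper shows the "reduces the damage from a compromised account" bullet: an intern's stolen credentials reach nothing that can be altered.

```python
from enum import Flag, auto
from typing import Dict, List, Set


class Perm(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


# Constructed role definitions: each role lists the resources it needs and nothing more.
# A resource path also covers everything beneath it (e.g. "/src" covers "/src/app.py").
ROLE_PERMS: Dict[str, Dict[str, Perm]] = {
    "hr":        {"/hr": Perm.READ | Perm.WRITE, "/shared": Perm.READ},
    "developer": {"/src": Perm.READ | Perm.WRITE | Perm.EXECUTE, "/shared": Perm.READ},
    "intern":    {"/shared": Perm.READ},
}

# Constructed users and the roles assigned to them
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"hr"},
    "bob": {"developer"},
    "carol": {"intern"},
}


def _covers(resource: str, path: str) -> bool:
    """Does a permission granted on `resource` apply to `path`?"""
    return path == resource or path.startswith(resource.rstrip("/") + "/")


def effective_perms(user: str, path: str) -> Perm:
    """Union of what every role the user holds grants on this path; the default is no access."""
    granted = Perm.NONE
    for role in USER_ROLES.get(user, set()):           # unknown user -> no roles -> NONE
        for resource, perm in ROLE_PERMS.get(role, {}).items():
            if _covers(resource, path):
                granted |= perm
    return granted


def is_allowed(user: str, path: str, perm: Perm) -> bool:
    """True only if every bit in `perm` is present in the user's effective permissions."""
    return perm in effective_perms(user, path)


def writable_resources(user: str) -> List[str]:
    """Blast radius of a compromised account: which resources could be changed with it?"""
    found = set()
    for role in USER_ROLES.get(user, set()):
        for resource, perm in ROLE_PERMS.get(role, {}).items():
            if Perm.WRITE in perm:
                found.add(resource)
    return sorted(found)


if __name__ == "__main__":
    print(is_allowed("alice", "/hr/payroll.xlsx", Perm.READ))   # True: her role needs it
    print(is_allowed("bob", "/hr/payroll.xlsx", Perm.READ))     # False: not part of a developer's job
    print(writable_resources("carol"))                          # []: a stolen intern login can change nothing
```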

Software Updates / Patches
Counters: Exploitation of known vulnerabilities

Software developers release patches to fix security vulnerabilities. Unpatched systems are a primary target for attackers.

  • Many major breaches exploit known vulnerabilities that were already patched — just not applied
  • Includes OS updates, application updates, and firmware updates
  • Should be applied promptly — attackers scan for unpatched systems

User Education & Training
Counters: Phishing, social engineering

Humans are often the weakest link. Training staff and users to recognise attacks reduces the chance of falling for social engineering.

  • Recognising phishing emails — suspicious sender, urgent language, unexpected links
  • Not plugging in unknown USB drives
  • Reporting suspicious activity to IT
  • Understanding why security policies exist
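
The phishing checklist from the first bullet turned into code, as an added Python example (not from CSHub): it checks the sender's domain against the organisation the message claims to be from, looks for urgent language and a generic greeting, and compares where each link says it goes with where it actually points. The two sample messages use RFC 2606 reserved example domains and are constructed; the phrase lists and the "two or more signs" threshold are assumptions for the demonstration.

```python
import re
from typing import Dict, List
from urllib.parse import urlparse

URGENT_PHRASES = ("urgent", "immediately", "within 24 hours", "account will be suspended", "verify now")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")


def _domain(addr_or_url: str) -> str:
    """Domain part of an e-mail address or URL, lower-cased, without a leading www."""
    if "://" in addr_or_url:
        host = urlparse(addr_or_url).hostname or ""
    else:
        host = addr_or_url.rsplit("@", 1)[-1]
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def phishing_indicators(email: Dict) -> List[str]:
    """Return the warning signs this message shows. `email` has keys: from_addr,
    claims_to_be (the organisation's real domain), body, and links as (display text, href) pairs."""
    flags = []
    org = email["claims_to_be"]
    sender = _domain(email["from_addr"])
    if sender != org:
        flags.append(f"sender domain {sender} does not match {org}")
    body = email["body"].lower()
    hits = [p for p in URGENT_PHRASES if p in body]
    if hits:
        flags.append("urgent language: " + ", ".join(hits))
    if any(g in body for g in GENERIC_GREETINGS):
        flags.append("generic greeting instead of your name")
    for text, href in email.get("links", []):
        target = _domain(href)
        if target != org:
            flags.append(f"link goes to {target}, not {org}")
        # Display text that looks like an address but points somewhere else
        if re.search(r"https?://|\.\w{2,}", text) and _domain(text) != target:
            flags.append(f"link text shows {text!r} but points to {target}")
    return flags


def is_suspicious(email: Dict, threshold: int = 2) -> bool:
    return len(phishing_indicators(email)) >= threshold


# Constructed sample messages (example domains reserved by RFC 2606)
PHISHING_EMAIL = {
    "from_addr": "security@bank-example.net",
    "claims_to_be": "bank.example",
    "body": "Dear Customer, your account will be suspended unless you verify now.",
    "links": [("https://bank.example/login", "http://bank-example.net/login")],
}
LEGIT_EMAIL = {
    "from_addr": "statements@bank.example",
    "claims_to_be": "bank.example",
    "body": "Hello Alice, your March statement is ready.",
    "links": [("View statement", "https://www.bank.example/statements")],
}

if __name__ == "__main__":
    for name, mail in [("phishing", PHISHING_EMAIL), ("legitimate", LEGIT_EMAIL)]:
        print(name, is_suspicious(mail), phishing_indicators(mail))
```

Checks like these are what mail filters automate, but the page's point stands: a user who reads the sender address and hovers over a link before clicking is applying the same three tests by hand, and a reported message lets IT warn everyone else.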
