Network security
Networks are useful because they share data — and dangerous for the same reason. Without security, attackers can eavesdrop, impersonate or disrupt. AQA's GCSE focuses on encryption, firewalls, MAC address filtering and authentication as layers of defence.
Encryption
Encryption converts readable data (plaintext) into unreadable form (ciphertext) using a key. The receiver decrypts using the corresponding key.
Symmetric encryption
- Same key used to encrypt and decrypt.
- Fast, well-suited to bulk data.
- Challenge: how do both parties get the key without an attacker intercepting it?
Asymmetric encryption
- A pair of keys: public (shared openly) and private (kept secret).
- Anyone can encrypt a message with the public key; only the holder of the private key can decrypt.
- Used to securely exchange a symmetric key, then bulk data uses symmetric.
- Slower than symmetric; usually combined with it.
This combination is the basis of HTTPS / TLS.
Firewalls
A firewall is software or hardware that filters network traffic based on rules. Sits between trusted (LAN) and untrusted (internet) networks.
What firewalls do:
- Allow or block traffic based on source/destination, port, protocol.
- Block known malicious patterns.
- Hide internal network from outside scans (NAT).
- Log suspicious activity.
Firewalls are not magic — they don't stop attacks that come through allowed traffic (e.g. a phishing email).
MAC address filtering
Every network adapter has a unique MAC (Media Access Control) address — six pairs of hex digits like 00:1A:2B:3C:4D:5E.
A router or access point can be configured to only allow listed MAC addresses to connect. Unlisted devices are blocked.
Limitation: MAC addresses can be spoofed (attacker changes their adapter's MAC to a known-allowed one). MAC filtering is a useful deterrent, not a strong defence on its own.
Authentication
Authentication verifies a user is who they claim to be. Methods:
- Password — something you know. Strong if long and unique.
- Two-factor authentication (2FA) — something you have (phone, key) plus a password.
- Biometrics — something you are (fingerprint, face).
- Certificates — cryptographic credentials proving identity.
Strong authentication is the first line of defence against unauthorised access.
Layers of defence (defence in depth)
No single measure is perfect. Real networks layer them:
- Physical — locked server room, locked cables.
- Network — firewall, VPN, MAC filtering.
- Transport — encryption (TLS/HTTPS).
- Authentication — strong passwords, 2FA, biometrics.
- Authorisation — only allow each user/process to do what they need (least privilege).
- Monitoring — logs, intrusion-detection systems.
- User education — recognising phishing, safe browsing.
If one layer fails, others catch the attacker. No layer is a substitute for all the others.
✦Worked example
A small business sets up a Wi-Fi network. List four security measures.
- Encryption — WPA3 or WPA2 with strong passphrase.
- MAC filtering — only allow staff laptops.
- Firewall — block unsolicited inbound traffic.
- Authentication — staff log in with username and password to their PCs and accounts.
Add 2FA for cloud services for additional defence.
⚠Common mistakes— Pitfalls
- Calling MAC filtering "secure". It's a deterrent — easily bypassed by a determined attacker.
- Assuming HTTPS = total security. HTTPS protects the channel; the website itself can still be malicious.
- Treating firewalls as preventing all attacks. Firewalls allow approved traffic — phishing/malware in approved channels still gets through.
- Using one defence and stopping. Defence-in-depth requires multiple complementary layers.
- Confusing authentication with authorisation. Authentication = "who are you?" Authorisation = "what can you do?".
➜Try this— Quick check
For each measure, state what kind of attack it primarily defends against:
- Encryption: eavesdropping / interception.
- Firewall: unauthorised inbound connections.
- MAC filtering: casual / unauthorised devices joining the network.
- Authentication: impersonation / unauthorised login.
- 2FA: password theft / phishing.
AI-generated · claude-opus-4-7 · v3-deep-computer-science